An attack on paypal

James A. Donald jamesd at echeque.com
Tue Jun 10 15:32:55 EDT 2003


    --
On 8 Jun 2003 at 14:47, tom st denis wrote:
> I disagree.  That attack is more akin to a "Hi, I'm calling 
> from {insert bank here} and we need your CC info to update 
> your file."
>
> That doesn't mean credit cards [nor your bank] are flawed.

Actually credit cards, and your bank, are flawed, as any porn 
site operator will tell you.

> The attack is based on you giving out the secrets, and alas, 
> no crypto can really stop that

If people routinely conduct business by sharing secrets, they 
will tend to share secrets with the wrong people.   The 
solution, envisaged a long time ago, but not implemented 
successfully, is not to use shared secrets. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     z/jW5FTj5fTxewjBZmMh+hI7TPK07m0Wi/ugRB/p
     4o2DM1LcrAnzZHIYbECFoxfE1N1Ts2we2cISfJ8QL


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list