An attack on paypal
James A. Donald
jamesd at echeque.com
Tue Jun 10 15:32:55 EDT 2003
--
On 8 Jun 2003 at 14:47, tom st denis wrote:
> I disagree. That attack is more akin to a "Hi, I'm calling
> from {insert bank here} and we need your CC info to update
> your file."
>
> That doesn't mean credit cards [nor your bank] are flawed.
Actually credit cards, and your bank, are flawed, as any porn
site operator will tell you.
> The attack is based on you giving out the secrets, and alas,
> no crypto can really stop that
If people routinely conduct business by sharing secrets, they
will tend to share secrets with the wrong people. The
solution, envisaged a long time ago, but not implemented
successfully, is not to use shared secrets.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
z/jW5FTj5fTxewjBZmMh+hI7TPK07m0Wi/ugRB/p
4o2DM1LcrAnzZHIYbECFoxfE1N1Ts2we2cISfJ8QL
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list