Creativity and security

Matt Blaze mab at
Tue Mar 28 05:32:45 EST 2006

On Mar 26, 2006, at 22:07, Joseph Ashwood wrote:

> ----- Original Message ----- From: "J. Bruce Fields"  
> <bfields at>
> Subject: Re: Creativity and security
>> On Fri, Mar 24, 2006 at 06:47:07PM -0000, Dave Korn wrote:
>>>   IOW, unless we're talking about a corrupt employee with a  
>>> photographic
>>> memory and telescopic eyes,
>> Tiny cameras are pretty cheap these days, aren't they?  The employee
>> would be taking more of a risk at that point though, I guess.
> The one I find scarier is the US restaurant method of handling  
> cards. For those of you unfamiliar with it, I hand my card to the  
> waiter/waitress, the card disappears behind a wall for a couple of  
> minutes, and my receipt comes back for to sign along with my card.  
> Just to see if anyone would notice I actually did this experiment  
> with a (trusted) friend that works at a small upscale restaurant. I  
> ate, she took my card in the back, without hiding anything or  
> saying what she was doing she took out her cellphone, snapped a  
> picture, then processes everything as usual. The transaction did  
> not take noticably longer than usual, the picture was very clear,  
> in short, if I hadn't known she was doing this back there I would  
> never have known. Even at a high end restaurant where there are  
> more employees than clients no one paid enough attention in the  
> back to notice this. If it wasn't a trusted friend doing this I  
> would've been very worried.
>                Joe

Heh, that's marvelous.

I touched briefly on the awfulness of restaurant payment protocols in my
2004 paper from the Cambridge Protocols Workshop, which you may enjoy:

    M. Blaze. "Toward a broader view of security protocols."
    12th Cambridge International Workshop on Security Protocols.
    Cambridge, UK. April 2004.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list