[Cryptography] threat models, was quantum computers & crypto

[Ron Garret]

On Oct 31, 2021, at 3:37 PM, John Levine <johnl at iecc.com> wrote:

> Banks' security model for checks depends on auditing
> and reversing bogus transactions, so even if someone were to use the 
> account info to make a fake check, or more likely an unauthorized ACH
> withdrawal, you tell the bank when you get your statement and they
> reverse it.

It is also worth noting that this is not just standard industry practice, it is actually required by law, at least in the U.S.  This is the reason that credit cards are more secure than debit cards despite the fact that the underlying technology is exactly the same.  The *legal* protections in place for credit cards are stronger than debit cards.

Checks are also quite secure in practice despite being trivially broken in theory.  In this case it is not just the law working in your favor, but also the laws of physics.  Checks are physical artifacts, and so reproducing them and forging them is fundamentally harder and riskier than digital fraud, so most people who are inclined to pursue careers in fraud just don’t bother.

rg