[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More FUD from First Virtual

To: jim bell <[email protected]>
Subject: Re: More FUD from First Virtual
From: Nathaniel Borenstein <[email protected]>
Date: Sun, 10 Dec 1995 08:51:45 -0500 (EST)
Cc: [email protected]
In-Reply-To: <[email protected]>
References: <[email protected]>
Reply-To: Nathaniel Borenstein <[email protected]>
Sender: [email protected]

I think Adam's already covered the red herring of key length.   You can
use 4-billion-bit keys and it won't help prevent an attack based on
stealing secret keys.

Ed Carp hit the nail on the head when he wrote:  

> What is needed is better human management of keys.  Why 
> brute-force, why look for weak keys, why bother calculating how much 
> safer 2047-bit keys are rather than 1024-bit keys when someone can 
> look on your HD and find your secret key, when they can open your 
> desk drawer and find your pass phrase or password, when they can 
> guess that you used your wife's maiden name as your password?

What some people seem to miss is that, in the absence of hardware keys
(which I believe is the only workable long term solution for mass-market
cryptography), this sort of thing is just plain too easy.  If a Windows
cryptoprogram stores its secret keys in a known location, I can write a
Windows virus that flies through the net and steals zillions.  If the
program insists on making the users insert a floppy every time, the
program's perceived usability will go through the floor, and people will
find workarounds.  In any event, I could write a virus that sits in
front of the e-cash program and steals your keys when next you run the
e-cash program.  Software's just too easy to fool.  That's why I regard
the risk of catastrophe as being fairly large in software-based e-cash
schemes.

Jim, I never denied that some banks would be willing to take the risk
(in fact, read my post, I said just the opposite).  What I said was that
the assumption of the risk would carry a significant underwriting cost,
which would be, in essence, the "cost of anonymity" when comparing
payment systems.  

Finally Jim writes:

> Your arguments seem to only be qualitative, not quantitative.  Maybe that's
> why the other guy calls them "FUD."  

I'm saying that there will be a high underwriting cost for anonymous
cash, and that this will make it much more expensive than non-anonymous
payment systems.  To my mind, that's a discussion about quantity of
costs, not quality.  If you want me to give you numbers, I'm sorry, but
I can't -- I'm not a banker or an actuary, and a lot of leg work would
be required to come up with a precise number in any event.  If I were a
banker, however, I think I'd be too conservative to underwrite e-cash at
any price, and would suggest that you find a less risk-averse banker.  
-- Nathaniel
--------
Nathaniel Borenstein <[email protected]>       | (Tense Hot Alien In Barn)
Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON:
FAQ & PGP key: [email protected]       | http://www.netresponse.com/zldf

References:
- Re: More FUD from First Virtual
  - From: jim bell <[email protected]>

Prev by Date: Re: Warning about Pegasus Mail and PGP (fwd)
Next by Date: Re: Warning about Pegasus Mail and PGP (fwd)
Prev by thread: Re: More FUD from First Virtual
Next by thread: Re: More FUD from First Virtual
Index(es):
- Date
- Thread