[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
security_1.html
Reuters New Media
[ Yahoo | Write Us | Search | Info ]
[ Index | News | World | Biz | Tech | Politic | Sport | Scoreboard |
Entertain | Health ]
_________________________________________________________________
Previous Story: Digital TV Sets Off High-Definition Race
Next Story: NTT Data, MCI To Start Internet Roaming Service
_________________________________________________________________
Thursday April 10 10:03 AM EDT
Internet Security Code Said Vulnerable To Hackers
By David Morgan
ATLANTA - The new security protocol for safeguarding credit-card
transactions on the Internet may have to change because the underlying
cryptography is too easy to hack through and too difficult to upgrade,
an expert says.
Steve Mott, senior vice president of electronic commerce and new
ventures for MasterCard International, said it could take hackers as
little as a year to break the industry's standard encryption code,
which is supposed to render credit-card numbers unreadable to
outsiders on the Internet's World Wide Web.
For that reason, the consortium of technology companies and creditors
that has spent two years developing the Secure Electronic Transaction
(SET) protocol may switch to a faster encryption system called
Elliptic Curve, which is produced by Certicom Corp.
The first complete version of SET, known as SET 1.0, will be available
to software makers June 1 with core cryptography provided by RSA Data
Security, a unit of Security Dynamics Technologies.
"RSA is a very good starting point. But we suspect that in a year or
two, the Kevin Mitnicks of the world will start to figure out ways to
hack it," Mott said. Mitnick is one of the most notorious computer
hackers.
"The only way you scale an RSA is to add a lot more bits. You add a
lot more bits and it becomes more complex software in terms of the
interaction of the transaction messages. That's part of what's taken
SET so long to start with."
MasterCard has been helping put together merchants with its own member
banks for SET pilot projects in Denmark, Japan, Taiwan, South Africa
and the United States.
Mott told a news conference at the Internet Commerce Expo that the
Elliptic Curve encryption system would make a better encryption core.
In fact, he said it would have been chosen in the first place if
developers had been known about it.
"It will fit on a chip card. I think its 160 bits equals security to
1,024 bits of RSA," the credit industry executive said. "We anticipate
putting it into some SET 1.0 pilots in the very near future this year
in the U.S."
Copyright, Reuters Ltd. All rights reserved
_________________________________________________________________
________________________ ___________ Help
_________________________________________________________________
Previous Story: Digital TV Sets Off High-Definition Race
Next Story: NTT Data, MCI To Start Internet Roaming Service
_________________________________________________________________
[ Index | News | World | Biz | Tech | Politic | Sport | Scoreboard |
Entertain | Health ]
_________________________________________________________________
Reuters Limited
Questions or Comments