[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SET




[email protected] wrote:

>At Doug Tygar's talk at Harvard last week, he claimed to have found a way
>to crack it. I, um, forgot to press him on this. Has anyone heard about
>this, or what it might be?

Actually, I did not claim to break SET.  What I said was:

(a)  because SET is such a complicated protocol, I am certain that it
     does have flaws;
(b)  SET does not have a clear design philosophy -- for example, it has
     modes in which a consumer's credit card number is hidden from a
     merchant and modes when it is given to a merchant.  These ambiguous
     design points in the protocol make the protocol vulnerable to misuse.

I have not made a serious effort to crack SET, yet.

-- Doug Tygar