From: "Rev. Mark Grant" <mark@unicorn.com>
Date: Fri, 1 Dec 1995 04:44:42 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: Credit card theft Re: The future will be easy to use
Message-ID: <Pine.3.89.9511301809.A9289-0100000@unicorn.com>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 30 Nov 1995 s1113645@tesla.cc.uottawa.ca wrote:

> What if it's an ecash password getting stolen? Who's liable? (lemme 
> guess, your money's gone, tough luck!)

>From what I remember of the contract, that's true, the bank appear to take
no liability for ecash (check the WWW page for the real details). As I'm
not likely to have more than about $ 50 of ecash at any time, I'm not
*that* concerned about it. Big users could transfer payments back into
their dollar account ASAP to avoid most of these problems, just keeping
enough in the ecash account to make any payments that may be required. 

It's not really any worse than physical cash, as long as the software is
reliable, which it appears to be (I've lost payments in the past, but 
cancelling them has always worked to get the money back).

> Disclaimer: I don't have a marktwain account at the moment, so I can't
> say a thing about the security of the system. I wish them the absolute best 
> of luck.

I do, and yes, from conversations with them it appears that if someone
gets your secret key and password they can clear out all the money from
your ecash account. This is potentially a real problem for shops, which
have to have a secret key file on the machine they run from. Currently
this even applies to shops that only *accept* ecash, though there may be
an accept-only server out sometime, and I found a way to delete the secret
key itself from the file and still have it work (I forget the exact
details, you basically zero 256 bytes of the file that contain the key,
which appears to be 768-bits according to the debug output, so I don't
know what the extra bits are used for). 

Shops that pay out need to have an *unencrypted* secret key on the server,
which is scary, but there's not much you can do about it if you're running
on an insecure server...  The only way around it that I can see would be
to withdraw ecash using a secure machine and upload it to your server, so
that the shop could make payments until the ecash supply was depleted and
then you'd manually have to withdraw more. Then if someone broke into your
account they'd get the ecash, but not the key, and you could limit your
exposure to the amount you uploaded at any one time. I'll probably be
doing that once the check I mailed over gets into my ecash account. 

This is strictly my understanding of the system based on what I've been
told, so hopefully if I'm wrong then someone from DigiCash will correct
me.

	Mark