From: Adam Shostack <adam@homeport.org>
Date: Thu, 10 Apr 1997 14:08:04 -0700 (PDT)
To: rah@shipwright.com (Robert Hettinga)
Subject: Re: Internet security code said vulnerable to hackers
In-Reply-To: <v0302091faf72b28c4bf2@[139.167.130.246]>
Message-ID: <199704102105.QAA24800@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Robert Hettinga wrote:

| Date:  Thu, 10 Apr 1997 09:47:06 -0400
| From: "Joseph M. Reagle Jr." <reagle@rpcp.mit.edu>
| To: Multiple recipients of <e$@thumper.vmeng.com>

|   	 ATLANTA, April 9 (Reuter) - The new security protocol for

|   	 Steve Mott, senior vice president of electronic commerce
|   and new ventures for MasterCard International, said it could
|   take hackers as little as a year to break the industry's
|   standard encryption code, which is supposed to render
|   credit-card numbers unreadable to outsiders on the Internet's
|   World Wide Web.

	The security problem with SET is not its crypto, but its
complexity, which makes it impossible to determine if the thing is
secure or not.  Its also a nightmare to implement, and was supposed to
be ready six months ago.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume