1997-04-11 - security_1.html

Header Data

From: Lynx_User@linux.nycmetro.com
To: cypherpunks@toad.com
Message Hash: d065d8ccbb9088af81323a81df24ba0bca9d570a50bcd6cec5dc3d13c78d24e7
Message ID: <199704110007.UAA00575@linux.nycmetro.com>
Reply To: N/A
UTC Datetime: 1997-04-11 00:06:26 UTC
Raw Date: Thu, 10 Apr 1997 17:06:26 -0700 (PDT)

Raw message

From: Lynx_User@linux.nycmetro.com
Date: Thu, 10 Apr 1997 17:06:26 -0700 (PDT)
To: cypherpunks@toad.com
Subject: security_1.html
Message-ID: <199704110007.UAA00575@linux.nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain



                             Reuters New Media
                                      
                    [ Yahoo | Write Us | Search | Info ]
                                      
    [ Index | News | World | Biz | Tech | Politic | Sport | Scoreboard |
                            Entertain | Health ]
     _________________________________________________________________
   
   Previous Story: Digital TV Sets Off High-Definition Race
   Next Story: NTT Data, MCI To Start Internet Roaming Service
     _________________________________________________________________
   
   Thursday April 10 10:03 AM EDT 
   
Internet Security Code Said Vulnerable To Hackers

   By David Morgan
   
   ATLANTA - The new security protocol for safeguarding credit-card
   transactions on the Internet may have to change because the underlying
   cryptography is too easy to hack through and too difficult to upgrade,
   an expert says.
   
   Steve Mott, senior vice president of electronic commerce and new
   ventures for MasterCard International, said it could take hackers as
   little as a year to break the industry's standard encryption code,
   which is supposed to render credit-card numbers unreadable to
   outsiders on the Internet's World Wide Web.
   
   For that reason, the consortium of technology companies and creditors
   that has spent two years developing the Secure Electronic Transaction
   (SET) protocol may switch to a faster encryption system called
   Elliptic Curve, which is produced by Certicom Corp.
   
   The first complete version of SET, known as SET 1.0, will be available
   to software makers June 1 with core cryptography provided by RSA Data
   Security, a unit of Security Dynamics Technologies.
   
   "RSA is a very good starting point. But we suspect that in a year or
   two, the Kevin Mitnicks of the world will start to figure out ways to
   hack it," Mott said. Mitnick is one of the most notorious computer
   hackers.
   
   "The only way you scale an RSA is to add a lot more bits. You add a
   lot more bits and it becomes more complex software in terms of the
   interaction of the transaction messages. That's part of what's taken
   SET so long to start with."
   
   MasterCard has been helping put together merchants with its own member
   banks for SET pilot projects in Denmark, Japan, Taiwan, South Africa
   and the United States.
   
   Mott told a news conference at the Internet Commerce Expo that the
   Elliptic Curve encryption system would make a better encryption core.
   In fact, he said it would have been chosen in the first place if
   developers had been known about it.
   
   "It will fit on a chip card. I think its 160 bits equals security to
   1,024 bits of RSA," the credit industry executive said. "We anticipate
   putting it into some SET 1.0 pilots in the very near future this year
   in the U.S."
   
   Copyright, Reuters Ltd. All rights reserved
     _________________________________________________________________
                                      
                 ________________________ ___________ Help
     _________________________________________________________________
   
   Previous Story: Digital TV Sets Off High-Definition Race
   Next Story: NTT Data, MCI To Start Internet Roaming Service
     _________________________________________________________________
   
    [ Index | News | World | Biz | Tech | Politic | Sport | Scoreboard |
                            Entertain | Health ]
     _________________________________________________________________
   
                              Reuters Limited
                                      
                                      
    Questions or Comments





Thread