1995-10-06 - Re: Certificate proposal

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: c2aba9badc68833644244ed021c0782d48cff0e689524deb1fb30ac76c3ef4b2
Message ID: <3074D42E.58DE@netscape.com>
Reply To: <199510060358.UAA03869@orac.engr.sgi.com>
UTC Datetime: 1995-10-06 07:04:44 UTC
Raw Date: Fri, 6 Oct 95 00:04:44 PDT

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 6 Oct 95 00:04:44 PDT
To: cypherpunks@toad.com
Subject: Re: Certificate proposal
In-Reply-To: <199510060358.UAA03869@orac.engr.sgi.com>
Message-ID: <3074D42E.58DE@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Tom Weinstein wrote:
> 
> In article <DG06FE.IA8@sgi.sgi.com>, Hal <hfinney@shell.portal.com> writes:
> 
> > OK, so suppose I want to send my credit card number to Egghead Software.
> > I get one of these new-fangled certificates from somebody, in which
> > VeriSign has certified that key 0x12345678 has hash 0x54321.  I think we
> > can agree that by itself this is not useful.  So, it will also bind in
> > some attribute.  What will that attribute be?
> 
> Um, just a wild guess, but... your credit card number maybe?  (Well,
> okay, its hash.)

  The hash of just the card number isn't good enough.  If you collected
a bunch of certificates (they are public) then you could start guessing
valid card numbers and trying to match the hashes with your database.
The Mastercard SEPP proposal uses a salted hash, where the salt is
a shared secret between the bank and the user.

	--Jeff

> --
> Sure we spend a lot of money, but that doesn't mean    |  Tom Weinstein
> we *do* anything.  --  Washington DC motto             |  tomw@engr.sgi.com

  There are too many Weinsteins hanging out here lately...  :-)

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

Thread

• Return to October 1995

• Return to “Adam Shostack <adam@homeport.org>”
• Return to “Bob Smart <smart@mel.dit.csiro.au>”
• Return to “Carl Ellison <cme@TIS.COM>”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “Hal <hfinney@shell.portal.com>”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “Jiri Baum <jirib@sweeney.cs.monash.edu.au>”
• Return to “Raph Levien <raph@CS.Berkeley.EDU>”
• Return to “tomw@orac.engr.sgi.com (Tom Weinstein)”

• Return to “Wei Dai <weidai@eskimo.com>”

• 1995-10-02 (Mon, 2 Oct 95 08:57:01 PDT) - Certificate proposal - Carl Ellison <cme@TIS.COM>
  • 1995-10-02 (Mon, 2 Oct 95 10:13:58 PDT) - Re: Certificate proposal - Raph Levien <raph@CS.Berkeley.EDU>
    • 1995-10-02 (Mon, 2 Oct 95 15:03:37 PDT) - Re: Certificate proposal - Carl Ellison <cme@TIS.COM>
  • 1995-10-05 (Thu, 5 Oct 95 12:25:49 PDT) - Re: Certificate proposal - Hal <hfinney@shell.portal.com>
    • 1995-10-05 (Thu, 5 Oct 95 16:02:51 PDT) - Re: Certificate proposal - Bob Smart <smart@mel.dit.csiro.au>
    • 1995-10-06 (Thu, 5 Oct 95 17:56:42 PDT) - Re: Certificate proposal - Wei Dai <weidai@eskimo.com>
  • 1995-10-05 (Thu, 5 Oct 95 16:07:56 PDT) - Re: Certificate proposal - Jeff Weinstein <jsw@netscape.com>
    • 1995-10-06 (Thu, 5 Oct 95 17:32:26 PDT) - Re: Certificate proposal - Adam Shostack <adam@homeport.org>
  • 1995-10-06 (Thu, 5 Oct 95 17:41:02 PDT) - Re: Certificate proposal - Hal <hfinney@shell.portal.com>
  • 1995-10-06 (Thu, 5 Oct 95 20:59:01 PDT) - Re: Certificate proposal - tomw@orac.engr.sgi.com (Tom Weinstein)
    • 1995-10-06 (Fri, 6 Oct 95 00:04:44 PDT) - Re: Certificate proposal - Jeff Weinstein <jsw@netscape.com>
  • 1995-10-06 (Thu, 5 Oct 95 21:20:34 PDT) - Re: Certificate proposal - Hal <hfinney@shell.portal.com>
    • 1995-10-12 (Wed, 11 Oct 95 18:47:53 PDT) - Re: Certificate proposal - Jiri Baum <jirib@sweeney.cs.monash.edu.au>
      • 1995-10-12 (Thu, 12 Oct 95 00:08:31 PDT) - Re: Certificate proposal - futplex@pseudonym.com (Futplex)
  • 1995-10-06 (Thu, 5 Oct 95 23:59:32 PDT) - Re: Certificate proposal - Jeff Weinstein <jsw@netscape.com>
  • 1995-10-06 (Fri, 6 Oct 95 00:08:18 PDT) - Re: Certificate proposal - Jeff Weinstein <jsw@netscape.com>
  • 1995-10-06 (Fri, 6 Oct 95 12:12:42 PDT) - Re: Certificate proposal - tomw@orac.engr.sgi.com (Tom Weinstein)