From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 10 Dec 95 23:49:59 PST
To: Nathaniel Borenstein <nsb+limbo@nsb.fv.com>
Subject: Re: More FUD from First Virtual
Message-ID: <199512110750.XAA11161@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:51 AM 12/10/95 -0500, Nathaniel Borenstein <nsb@fv.com> (Tense Hot
Alien In Barn) wrote:

>In any event, I could write a virus that sits in
>front of the e-cash program and steals your keys when next you run the
>e-cash program.  Software's just too easy to fool.  That's why I regard
>the risk of catastrophe as being fairly large in software-based e-cash
>schemes.

How is this different for an ecash program vs. a First Virtual email
acknowledgement program, where either a (really hairy) virus, or, 
more practically, an active email interloper could fake FV acks?  

While hardware may be the best encryption solution for the average user
(as you say, and I think I agree with you), it needs to have some password
interface such as a small keypad on the front of the smartcard, to prevent
its usability after theft.

Of course, there are problems with digicash as well; my Digicash play-money
account thinks it's empty (in spite of having half a dozen coin-looking files),
and doesn't recognize any of the half-dozen passwords I've guessed I might have
used with it, so I'm not able to use Sameer's digicash-powered remailer.
#--
#				Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281