From: "David Klur" <dklur@dttus.com>
Date: Wed, 27 Dec 1995 20:59:19 +0800
To: WWW-BUYINFO@ALLEGRA.ATT.COM
Subject: Cybercash security
Message-ID: <9511268200.AA820017186@cc2.dttus.com>
MIME-Version: 1.0
Content-Type: text/plain


     
     What are the major security risks of the Cybercash system?  
     I can't really find any, other than someone cracking the consumer's 
     Cybercash client s/w password and using the victim's account to order 
     something, or someone cracking RSA!.  The following features seem to 
     mitigate other risks...
     
     
     - The merchant never sees the credit card number
     
     - The Cybercash server does not store any credit card numbers (only 
     temporarily while it is waiting for an authorizatino for a specific 
     card purchase)
     
     - The consumer's credit card number is stored on his hard disk 
     encrypted w/DES
     
     - The consumer sends his credit card number across the Internet 
     encrypted w/DES and signed w/ 768-bit RSA