From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 14 Apr 1996 10:19:12 +0800
To: die@die.com
Subject: Re: Bank transactions on Internet
In-Reply-To: <9604120417.AA22212@pig.die.com>
Message-ID: <199604140029.TAA13117@homeport.org>
MIME-Version: 1.0
Content-Type: text


Dave Emery wrote:

| 	My only disparaging comment (at least as intended by me) was that
| the task was probably beyond some of the alt.2600 type crackers who
| primarily use canned programs and scripts to perpetrate their attacks. 
| That comment was actually intended as a left handed warning about the
| advisablity of releasing a readily reproduced hardware key cracker
| design to the world at large.  This seems especially true if entire FPGA
| array PC plugin boards are becoming a commodity item and readily
| available and the cracker recipe is buy one of those and install this canned
| software on it.

	I disagree strongly about the advisability of this.  If we
demonstrate the utter weakness of 40 bit keys, the US business
community will scream for a better solution.  With a little correct
publicity, like that provided by the BSA, and backed by most companies
security folks who understand the ludicrousness of the law, the NSA
comes up looking like jackasses.

	Anyway, I've found your comments to be very interesting &
informative, and this was a small nit.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume