From: Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 27 Sep 1996 16:21:31 +0800
To: cypherpunks@toad.com
Subject: Re: Weaknesses in Smart Cards? (Re: FLA_wed)
In-Reply-To: <52fcje$6ib@life.ai.mit.edu>
Message-ID: <324B6D5E.167E@ai.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Its worse than that. The Bellcore piece was presented as being
about a possible weakness in MONDEX. In fact MONDEX does not use the
cryptographic technique investigated. Its a symmetric key (DES)
based system. I would immagine they would keep a symmetric 
component even if they go for a public key system.

BTW if you think carefully about MONDEX you will note that a
public key system does not improve security. The system 
depends on private keys embedded in the devices. There is
no value in having the devices use public key signatures over 
symetric ones.

	Phill

PS whats the betting that anyone at a high profile site who
happens to be offline for a few hours to (say) change 
service providers will be reported as having been "hacked"?