[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: On shared keys (was RE: SOI: identity protection and DOS)
You have completely missed my point, and incorrectly lumped Visa and ATM
security systems together.
My point is that for over 20 years hundred's of millions of people have
been using *DES* to get cash out of ATM machines. This is a very large
scale system, the number of Internet hosts is an order of magnitude smaller.
As far as I know there has never been a major compromise of this system,
where lots of money was stolen from thousands of accounts.
- Alex
At 08:58 PM 11/27/2001 -0500, Andrew Krywaniuk wrote:
>Your argument is silly.
>
>Visa and ATM transactions aren't secure. There are multiple cases where
>large credit card databases have been compromised (often when an online
>merchant's website is hacked).
...
>
>
>> -----Original Message-----
>> From: owner-ipsec@lists.tislabs.com
>> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Alex Alten
>> Sent: Tuesday, November 27, 2001 12:24 PM
>> To: Hugo Krawczyk; IPsec WG
>> Subject: Re: On shared keys (was RE: SOI: identity protection and DOS)
>>
>>
>> At 01:34 AM 11/27/2001 +0200, Hugo Krawczyk wrote:
>> >Everyone agrees that public key is the ONLY way to a scalable
>> >Internet-wide protocol. No question about it. In particular,
>> >any key-exchange protocol for IPsec MUST provide a PK-based exchange.
>> >
>>
>> No. I STRONGLY disagree. I'll give a counter example. The banking
>> ATM network uses DES keys. It has scaled, in practice, world wide.
>>
>> And BTW, it's security & trust model is excellent. Have you
>> ever heard
>> of a major compromise, say on the scale of 25,000 card #'s
>> being stolen
>> (like with Visa?). Certainly nobody distrusts it because it uses
>> symmetric keys for authentication. In fact I'm certain YOU trust it
>> at least a couple a times a month. :-)
>>
--
Alex Alten
Alten@Home.Com
Follow-Ups:
References: