"We've been over this before, and my response is the same: It does not solve
the real problem, which is that a fool and his password are soon parted. The
only effect of such a system would be to change the nature of the scams by
which passwords are stolen, _and_ it wouldn't foil a keyboard sniffer
attack."

This is true.  And this is also why a smartcard-based public key
cryptosystem is the only real long-term solution.

The real problem with any password-based system, whether it be credit/ATM
cards, e-gold, or GoldMoney is that you can never be certain that there
isn't a keyboard sniffer or keyboard bug in your system.

Passwords are becoming much easier to capture because of the proliferation
of free hacker tools.  There is now a worm-building tool that allows any
idiot to create new worm viruses that can sniff passwords and send them back
to the creator.  A smart hacker could easily create a new worm for a
particular intended victim and send it as an e-mail attachment that would
slip right by an antivirus program because they only recognize widespread
viruses.

A smart-card-protected, public-key-encrypted authentication scheme would
provide true commercial-grade security.  It would make it necessary to steal
the physical smart card and the passphrase in order to hack an account.
This is the real long-term solution to the problem.  The amazing thing is
that no one is using it yet.

The other long-term solution is to completely abandon account-based systems
and switch to digital bearer instruments or "digital cash".  These can be
stored on the user's hard drive in an encrypted form, or stored on a smart
card, or stored on a zip disk, offline where hackers can't reach them.

Understandably, from a marketing perspective, the easier the system is to
use, the more people will use it. However, e-gold and others will have
difficulty attracting serious commercial customers until they provide a
truly secure payment system.  To get people off credit cards, you have to
provide something that is BETTER than credit cards.  Presently e-gold is
about equal to credit cards in terms of security, and somewhat better in
terms of non-repudiability.  However, as Costa Gold and other examples have
shown, even e-gold isn't really non-repudiable.  If they think a transaction
is fraudulent they will freeze it, so it isn't really like cash.

The technology is out there, but so far there hasn't been much
implementation of it.  I wonder why?

HK


