[2384] in cryptography@c2.net mail archive
RE: Weak Crypto and Y2K
daemon@ATHENA.MIT.EDU (Rick Smith)
Fri Mar 27 12:24:43 1998
In-Reply-To: <v03130303b14136456d08@[24.128.40.70]>
Date: Fri, 27 Mar 1998 10:17:31 -0600
To: "Arnold G. Reinhold" <reinhold@world.std.com>,
Nathan Spande <nathan@epicsys.com>,
"'Trei, Peter'" <ptrei@securitydynamics.com>,
"'perry@piermont.com'" <perry@piermont.com>
From: Rick Smith <rsmith@securecomputing.com>
Cc: "'cryptography@c2.net'" <cryptography@c2.net>
At 6:14 AM -0500 3/27/98, Arnold G. Reinhold wrote:
>If the Y2K analogy does not grab you, consider the use of social security
>numbers and mothers' maden names as a weak form of authentication by credit
>card companies. This has lead to a major new form of crime called "theft of
>identity." Many authorites consider theft of identity to be the major
>growth area in criminal activity today. This was totally predictable 30
>years ago, but the argument was that the cost of a more secure system would
>be greater than the losses expected from occasional fraud. Tell that to
>someone whose credit identity has been stolen.
Careful. This can easily lead to a conclusion that crypto technology will
cause a dangerous acceleration of progress in digital communications, lead
to new products and services, which in turn will inevitably be abused by
some people to the detriment of others. Ergo, crypto shouldn't just be
restricted, it should be banned.
I don't think that's a direction we want to go.
Rick.
smith@securecomputing.com
