Re: SSL and certificates
On Wed, 28 Aug 1996, Jordyn A. Buchanan wrote:
> >>With a well designed system, including proper PGP key and passphrase
> >>management training to the client, the risks involved can be very greatly
> >>reduced so that the risks are almost certainly lower than any other use of
> >>CCs.
> >
> >I realize that this is a weak link (getting the CC# from server to
> >merchant), but are there well-established alternatives?
> >
> >E.g. are there versions of PGP that an ISP can install on a UNIX box in a
> >simple fashion?
>
> Yes. PGP has compiled out-of-the-box on all the systems I've tried it on.
> There are other alternatives as well: you could set up a secret key with
> the merchant, for example, and simply use triple DES or IDEA on all the
> messages you sent them.
For a commercial application you will need to use ViaCrypt PGP. There are
versions for Windows, Mac and many different flavors of Unix. They don't
give out source; all distributions are binary.
http://www.viacrypt.com/
One major reason for using PGP is the simplicity of key management. In
DES or IDEA you need a secure channel to exchange keys. With PGP, key
management becomes much simpler.
> >And then what? Do you write as part of the order-taking form-processing cgi
> >a call to PGP before SENDMAIL?
>
> That would work fine. There is also at least one sendmail wrapper
> (pgpsendmail) that you could send the message to *instead* of sendmail,
> which would also invoke PGP before actually sending the message off.
>
> PGP also works in a pipe mode so it would be possible to simply pipe the
> message through PGP on the way to sendmail.
I pipe it through PGP on the way to sendmail; pgpsendmail would also work.
> As a sidenote, though, I'm not sure why Mr. Brennen considers e-mail on a
> disk to be more vulnerable to hacking than e-mail in transit. If diskspace
1) Relative time of static exposure in a mailbox vs. transit time on a
link. 2) Mailboxes are known targets; they might as well have bullseyes
painted on them.
Sniffing and filtering a high speed link in the middle can certainly be
done. The relative amount of data that has to be caught and filtered to
do so compared to breaking into a mail server would seem to me to send
most efforts down the path of least resistance.
> is so easy to break into, presumably the hacker can simply modify the CGI
> application so they get a copy of all the credit card information.
> Obviously, administrative accounts are usually somewhat better defended
> than user accounts, but presumably it's possible to put some protection on
> the merchant's accounts.
Perhaps true enough if they can get an account with sufficient privilege.
If the CGI is a large compiled binary and the source is not online it is
much harder to do this (admittedly not impossible). CGI should not fall
under merchant protections.
-- Michael
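The "pipe it through PGP on the way to sendmail" arrangement described in the thread, written out as an added example; this is not code from the thread or from either poster. It uses GnuPG's gpg command line in place of the PGP 2.x or ViaCrypt binaries of the day, and assumes that gpg and sendmail are on the PATH and that the merchant's public key has already been imported (the key identifier passed as the second argument is a placeholder). The one design point the thread leaves implicit is handled explicitly: the ciphertext is staged in a temporary file so that gpg's exit status can be checked, and a failed encryption causes nothing to be mailed rather than a plaintext order landing in a mailbox.

```shell
#!/bin/sh
# Added example (not from the thread): encrypt an order before handing it
# to sendmail, so the card number never sits in a mailbox in plaintext.
# Assumes gpg and sendmail on PATH and the merchant's public key already
# imported; KEYID below is a placeholder for that key.

# Usage: send_encrypted_order TO KEYID < order_body
send_encrypted_order() {
    to="$1"
    keyid="$2"

    # Stage the ciphertext in a temp file rather than piping straight into
    # sendmail: POSIX sh gives us no pipefail, and we must know that gpg
    # succeeded before anything is sent. Only ciphertext touches the disk.
    tmp=$(mktemp) || return 1

    # ASCII-armored output survives mail transport; --batch keeps gpg from
    # prompting inside a CGI that has no terminal.
    if ! gpg --batch --armor --encrypt --recipient "$keyid" > "$tmp"; then
        # Encryption failed: do NOT fall back to sending the plaintext.
        rm -f "$tmp"
        return 1
    fi

    # Minimal headers plus the armored message; -oi stops sendmail from
    # treating a lone "." line as end of input.
    { printf 'To: %s\nSubject: New order\n\n' "$to"; cat "$tmp"; } \
        | sendmail -oi "$to"
    status=$?
    rm -f "$tmp"
    return $status
}

# Example invocation from an order-taking CGI (order body on stdin):
#   printf 'name=...\ncard=...\n' | send_encrypted_order merchant@example.com KEYID
```

If the merchant key is not signed by a key the server trusts, gpg in batch mode will refuse to encrypt to it; the usual fix is to sign the merchant key locally on the server once at setup time rather than to weaken trust checking in the script.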