[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]

Subject: Re: UKNM: Credit card fraud
From: Tom Hukins
Date: Mon, 29 Jun 1998 12:16:09 +0100

Sajid Mohammed wrote:
>As far as I am aware, the only way to read an encrypted credit card
>number would be to use a 'brute force' technique, which requires a
>vast amount of processing time. I wonder if there are any friendly
>computer science types who could work out how long it would take one
>solitary hacker with a top of the line Pentium to do this? If people
>were made aware of how much time it takes to crack *one* credit card
>number, I am sure their fears would be allayed.

I'm far from being a "computer science type", and I probably wouldn't know
any more if I was, but I'll do my best to answer this:

Brute force is the only way to crack a well-designed, well-implemented
cryptographic algorithm. As has already been noted, early versions of
Netscape used poorly-implemented cryptography. A poorly designed algorithm
would be one which is easily reversible, for example if each letter
corresponds to its position in the alphabet (A -> 01, B -> 02, Z -> 26)
then I can easily decrypt 021515 to BOO.

To get some idea of how tough/easy it is to crack some of the commonly used
crypto algorithms take a look at <http://www.distributed.net/>.

On a related note: There doesn't seem to be much fuss about the
government's proposal for crypto legislation. I really the Internet
industry will try to defeat this dangerous proposal which has been put
forward by people who don't understand what's at stake.



Learn how to create amazing web sites

Visit eBORcOM's Web Development Resources

  UKNM: EU privacy directive, Steve Bowbrick

[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]