

Subject: Re: UKNM: Credit card fraud
From: Tom Hukins
Date: Mon, 29 Jun 1998 12:16:09 +0100

Sajid Mohammed wrote:
>As far as I am aware, the only way to read an encrypted credit card
>number would be to use a 'brute force' technique, which requires a
>vast amount of processing time. I wonder if there are any friendly
>computer science types who could work out how long it would take one
>solitary hacker with a top of the line Pentium to do this? If people
>were made aware of how much time it takes to crack *one* credit card
>number, I am sure their fears would be allayed.

I'm far from being a "computer science type", and I probably wouldn't know
any more if I was, but I'll do my best to answer this:

Brute force is the only way to crack a well-designed, well-implemented
cryptographic algorithm. As has already been noted, early versions of
Netscape used poorly-implemented cryptography. A poorly designed algorithm
would be one which is easily reversible, for example if each letter
corresponds to its position in the alphabet (A -> 01, B -> 02, Z -> 26)
then I can easily decrypt 021515 to BOO.

To get some idea of how tough/easy it is to crack some of the commonly used
crypto algorithms take a look at <http://www.distributed.net/>.

On a related note: There doesn't seem to be much fuss about the
government's proposal for crypto legislation. I really hope the Internet
industry will try to defeat this dangerous proposal which has been put
forward by people who don't understand what's at stake.

Regards,
Tom


--

Learn how to create amazing web sites

Visit eBORcOM's Web Development Resources
http://www.eborcom.com/webmaker/


