Edwin,
Please enlighten us on this "attack". I have never heard of it and I
have been working with the e-gold SCI for a few years.
Thanks,
Sidd.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Edwin
Woudt
Sent: Thursday, 4 January 2001 08:34
To: e-gold Tech
Subject: [e-gold-tech] Re: SR shopping cart?
"Loryn E. Jenkins" <[EMAIL PROTECTED]> wrote:
>> Are you aware of the security problem with the old hash?
>
> No, I'm afraid I haven't studied it.
If I remember correctly, the way the hash is constructed can in some
cases
allow an active attacker to change the payment (IE: change the
amount),
while the merchant thinks it received the correct payment.
It's not a very likely attack, but it should be fixed anyway. I
couldn't
find the details of the attack in my e-gold mailing list archives, but
I
can ask the person who discovered the attack to send them (the e-gold
people should also have these documents).
Edwin
---
You are currently subscribed to e-gold-tech as: [EMAIL PROTECTED]
To unsubscribe send a blank email to
[EMAIL PROTECTED]
---
You are currently subscribed to e-gold-tech as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
