Exception

While the description of X9.17 is accurate, the description of the manner in which the keys are applied to Electronic Funds Transfers (EFTs) is simplified.

The story states that cryptography is used for message authentication (MACs) but not for secrecy. It states that EFTs are sent “in the clear”, making it possible to eavesdrop on the messages but, supposedly, not to tamper with them.

In fact, cryptography is used to provide both integrity and secrecy of EFT traffic.

Note that the use of cryptography to encrypt the EFTs has no bearing on the actual attack. It is still possible for an insider to learn the key-encrypting or data-encrypting keys used by other participants of the network. The author chose to “overlook” the fact that EFTs are encrypted because including this detail would have complicated the early part of the story. In order for Carl Raymond to make his initial observations and uncover the mill, he would have to defeat the encryption. This would have made the first few chapters overly complicated and would have required that Carl’s initial actions be even less honorable.

In other words, Carl Raymond’s early observations are not possible when EFTs are encrypted. Susan Ignassi’s attack is still possible.