Back to the WebFunds page or the FAQ index or the Ricardo page.
Downloading any software over the Internet leaves you with the chance (however small) that the software has somehow been tampered en route. For those technically adept people with this concern you can confirm the integrity of your version of WebFunds by comparing the signature on the WebFunds installation file *** with the public key found at http://webfunds.org/keys/webfunds.asc. NAI Inc. is a supplier of software which will allow you to verify file signatures.
For those who do not wish to download WebFunds from the Internet you may want to contact your currency issuer to see if they can provide WebFunds to you through some other means. The name and contact number of your issuer can be seen in your currency contract. See How do I look at my currency contract? for more information.
Trust only yourself. As a user of WebFunds you are encouraged to take a responsible role in protecting yourself. Encryption software is an extremely powerful tool for on-line commerce when used correctly. However, like most tools it can become ineffective when used improperly. This means that before you use WebFunds you should take the time to learn about how WebFunds operates and the issues you should be aware of for your own protection. As with all electronic commerce and security software you should treat all claims with skepticism. Ascertain for yourself whether you would like to put your trust in WebFunds.
The source code is available for your perusal (see Are there any guarantees? below). Also, Warnings and Golden Rules is one good place to start. Although there is some good preliminary information here in the helpfile you are encouraged to read additional resources. There is a tremendous amount of information available on the Internet and elsewhere see section 6.8 for a list of additional resources.
Be sure you get your version of WebFunds from a trusted party, then learn how to use it in a way which will not compromise the security of your transactions.
No, unfortunately there are no guarantees. While best efforts have been made to provide a secure transaction system based on powerful strong encryption there is no way that your transactions can be guaranteed by the developers. Please read the Issuer's terms and conditions for WebFunds for a further explanation. What you can do is become an informed user of WebFunds. The protocols and algorithms used for WebFunds are published and available for inspection. You can see the Cryptix Mirror page for the source to all strong crypto used. Or, alternatively, you can reverse compile your own version of WebFunds and examine the code for yourself. A thorough evaluation of the algorithms yourself is an excellent to establish faith in WebFunds.
The current version of WebFunds is only delivered for an IBM compatible PC running the Microsoft Windows95 operating system. Because WebFunds was written in Java it is anticipated that future versions will install on other machines and operating systems. WebFunds was designed with portability in mind and the complete source for WebFunds is available if you would like to get it working on another platform or operating system. If you have undertaken a port we would be happy to provide you with any help which you may require. You can write to the WebFunds development team.
Yes, you do. Some versions of Windows 95 will require that you install the Java runtime compiler which is likely also available at the same place you downloaded WebFunds. Also, in order to fully appreciate all the features of Webfunds such as point-and-click purchasing you will also need a current copy of a web-browser such as Netscape 2.0 or later or Microsoft Internet Explorer 3.0 or later (other browsers will also work but the configuration procedures may differ slightly).
For maximum cross-platform compatibility the latest version of WebFunds has been written in Java. The current version is designed for computers using Win95 but other versions may become available. If you are interested in porting the software to another platform please do not hesitate to contact. the WebFunds development team.
This section describes installation on Windows 95 only.
Here is a quick checklist to install WebFunds on your PC:
Make sure you read what is a key, keeping your key safe, below.
Depending on the speed of your computer (and how lucky your computer is at searching during key generation) the process could take anywhere from a few minutes in most cases to as long as an hour in exceptional circumstances. Please be patient because you will only have to do this once.
Congratulations! It's time to hit the superhighway and go shopping! A list of WebFunds compatible shops will be made available online in the future.
In order to use WebFunds every user of WebFunds must generate a secret key. Your secret key is what will allow you to digitally sign payment transfers and communicate securely over the Internet. As you imagine, once your secret key is created it is EXTREMELY valuable. Anyone who has your secret key can do as they wish with WebFunds. The possessor of your secret key can transfer and accept funds or commitments on your behalf. You must therefore protect it as you would any item which is extremely valuable. Do not lend it to anyone and keep an extra copy for emergencies. Your key IS your WebFunds account. If you lose it then you lose the access to the money you have in WebFunds. The importance of your secret key cannot be overstated, guard it carefully and make backups! See the section in the WebFunds FAQ titled Key and KHID Management for more information.
In addition to a secret key which you keep to yourself there you also have a second key called a public key. Your public key is what will allow people to identify you. If you sign a document electronically then your public key is what your signature will be compared against to verify your signature. The details of encryption, digital signatures and public key cryptography are all important topics too vast to be covered in this short amount of space. However, we suggest you read up on these topics if you wish to have a better idea of the security mechanisms behind WebFunds. A good place to start is by looking at the Key and KHID Management section of the WebFunds FAQ. There is also a great deal of information which can be found on these subjects using the Internet as well.
When you first run WebFunds you will be required to have a secret key. If you already have a PGP-compatible key then you can use your existing secret key by importing it into WebFunds. If you do not have a secret key then WebFunds allows you to create a new one. Before you create your key WebFunds will ask you to choose a size for your key. Several keysizes are offered ranging from 384 (for tests) to 1024 (for military grade). The greater your keysize the safer your transactions. However, the greater your keysize the longer it will take for you to generate your secret key, so high security will take patience. Cryptographic literature such as the paper entitled "Minimal Key Lengths for Symmetric Cipher to Provide Adequate Commercial Security" (Matt Blaze et.al.) suggests that keylengths of greater than 75 bits for symmetric cyphers are safe even from well-funded intelligence agencies. Multiplying this by a factor of 10 for a public key cypher suggests that keys of 768 bits and more begin to reach very high levels of security.
Once you have chosen the keysize for the key you wish to create, WebFunds will help you generate it. To generate your key you must first generate a series of random numbers which help to make your key more difficult to guess. To create the random numbers required WebFunds will ask you to move your mouse randomly in and out of the blue box which appears on your screen. Once you are finished WebFunds then performs the mathematics necessary to generate your secret and public keys. Depending on the length of the key you have chosen and the degree of luck your computer has in searching for your keys the process could take anywhere from less than a minute to as long as an hour in exceptional circumstances. You will be notified when the process is completed... be patient, this step can be lengthy, but is critical to ensuring the security of your transactions.
Your secret key is extremely valuable and you must ensure that it is not lost. If it is lost then so is the access to your account. It is thus extremely important to back up your secret key and keep it in a safe place where it can be accessed in case of emergency. For more information on the importance of keys see the section on Key and KHID Management in the WebFunds FAQ.
It is quite easy to make a backup of your secret key. You simply look in the directory where you installed WebFunds using a program such as Windows Explorer (InWin95 click on START ... PROGRAMS ... WINDOWS EXPLORER) and find the directory in which you installed WebFunds. Once you are in that directory open the folder "user" and then the subfolder "userkeys". The file "secring.pgp" is the file which contains your secret key. Backing up this file will ensure that even in the event of a hard-drive failure your electronic money will still not be lost. It goes without saying that that your secret-key backup should be stored in a place which is both safe and inaccessible to others (a safety deposit box is one example).
Any given machine can often be accessed by more than one person. For this reason, storing something as important as a secret key on a computer could be a risky proposition if other people could use it. This is the reasoning behind the use of a pass-phrase. A pass-phrase is like a pin number for your secret key. Your secret key cannot be used unless you have it. This prevents other users of your machine from using your version of WebFunds to make purchases on your behalf. Unless they use your pass-phrase they will be unable to make transactions using your secret key.
A pass-phrase is a balance between convenience and security. If you choose a very short pass-phrase then anyone who manages to make a copy of your secret key may be able to use software which will decrypt your key given enough time. If your password is too long, it becomes more difficult to remember and is less convenient to type in each time. The length of your pass-phrase should be a function of how valuable the account you're protecting is, and the ease with which others have access to your machine.
As a general rule it is best to create a pass-phrase which is as random as possible. Use of both upper and lower case, numbers and symbols all make your pass-phrase more difficult to decipher. If words and/or phrases are used then quirky spellings or unusual combinations will also help. The more random a pass-phrase the less vulnerable it will be to techniques such as dictionary attacks. Always remember that overkill will never hurt here. A well-chosen pass-phrase dramatically reduces the possibility of a secret-key compromise. The algorithms used to protect your transactions are extremely strong, creating a very simple or easy to guess pass-phrase compromises this security dramatically. If you want more information on pass-phrase security and generation there is a list of answers to Frequently Asked Questions (FAQ) posted at: http://www.stack.nl/~galactus/remailers/passphrase-faq.html
In an ideal situation, it would be best to keep your pass-phrase in your head. However, there is the risk that it will be forgotten. Pass-phrases which are either quite long or are used infrequently compound the problem. If you forget your pass-phrase you are in the same position as someone who has lost their secret key... you completely lose the ability to access your account! For this reason it may be a good idea to write down your pass-phrase in case of emergency. A written pass-phrase should never be stored in a place where other people will have access to it.
Normally, you would use WebFunds to make point-and-click purchases through your web browser. To do this, you will have to configure your browser by setting up what is called a proxy. The following examples illustrate how to do this with two popular browsers, Netscape Navigator 2.0 and Microsoft Internet Explorer 3.0.
Before you can spend electronic cash on the Internet you will need to purchase your electronic cash first. This is simply an exchange of the currency you currently use for an electronically denominated one. Your issuer should be able to take care of that exchange for you.
Your issuer should have information on their web page which will provide you with the appropriate instructions for acquiring electronic currency. If you would like to know the location of your issuer's web site or how you can contact them you can look at the File/About Menu option on WebFunds.
One easy way to test WebFunds is to cycle a transaction through the entire system. You can do this by writing a payment and depositing it back into WebFunds. WebFunds will deposit the payment, which will be settled immediately, because it causes no change to the amount of value. That means you can even do this type of transaction when you have no cash! This is how we do it:
Note that:
If the export occurred, then your balance will go down by the amount exported, and it may even go negative!
The balance will actually rectify itself some time (maybe 30 seconds) after the transaction is cleared, as a separate confirmation is needed from the Issuer that it is good (this is the receipt for the transaction).
If you experience problems, please try everything you reasonably can to determine the scope of the problem. Note exactly what you have done and what the problem seems to be. If you are unable to figure it out yourself using the supplied documentation then visit the web site of your issuer and contact them for further assistance, or by using the contact information listed in your currency contract.