RPOW - Reusable Proofs of Work

Taral taral at taral.net
Mon Aug 16 16:52:51 EDT 2004

On Sun, Aug 15, 2004 at 02:36:51PM -0400, R. A. Hettinga wrote:
> The new concept in the server is the security model.  The RPOW server
> is running on a high-security processor card, the IBM 4758 Secure
> Cryptographic Coprocessor, validated to FIPS-140 level 4.  This card
> has the capability to deliver a signed attestation of the software
> configuration on the board, which any (sufficiently motivated) user
> can verify against the published source code of the system.  This lets
> everyone see that the system has no back doors and will only create RPOW
> tokens when supplied with POW/RPOW tokens of equal value.

Just a quick sanity check for me... what stops you simply faking this
"attestation" and running a compromised system?

Taral <taral at taral.net>
This message is digitally signed. Please PGP encrypt mail to me.
"Some people cause happiness wherever they go; others, whenever they go."
    -- Oscar Wilde
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20040816/62c64fda/attachment.pgp>

More information about the cryptography mailing list