[15930] in cryptography@c2.net mail archive


Re: RPOW - Reusable Proofs of Work

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Mon Aug 16 18:59:01 2004

X-Original-To: cryptography@metzdowd.com
Date: Mon, 16 Aug 2004 16:50:13 -0600
To: "R. A. Hettinga" <rah@shipwright.com>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <p061104afbd455bf3fcf9@[66.149.49.5]>

At 12:36 PM 8/15/2004, R. A. Hettinga wrote:
>This is what creates trust in RPOWs as actually embodying their claimed
>values, the knowledge that they were in fact created based on an equal
>value POW (hashcash) token.

the issue in the "yes card" exploit is that you migrate the financial 
business rules out into hardware tokens (of any kind) and then do 
peer-to-peer operations between tokens.

the threat model is you attack the belief in a valid hardware token ... 
once you have that you have the mechanism for creating counterfeit tokens 
that can convince other tokens that they are valid. These counterfeit 
tokens don't tell the truth ... they are programmed to say whatever will 
convince other tokens that can be trusted.

and as per previous post ... i got hit in a sci.crypt thread with the claim 
that even 4758 can be successfully attacked.

misc. posts discussing token attacks that 1) result in being able to 
fabricate counterfeits 2) which are acceptable in offline, peer-to-peer 
operations:
http://www.garlic.com/~lynn/aadsm15.htm#25 WYTM?
http://www.garlic.com/~lynn/aadsm17.htm#13 A combined EMV and ID card
http://www.garlic.com/~lynn/aadsm17.htm#25 Single Identity. Was: PKI 
International Consortium
http://www.garlic.com/~lynn/aadsm17.htm#42 Article on passwords in Wired News
http://www.garlic.com/~lynn/2003o.html#37 Security of Oyster Cards
http://www.garlic.com/~lynn/2004g.html#45 command line switches [Re: 
[REALLY OT!] Overuse of symbolic constants]
http://www.garlic.com/~lynn/2004j.html#12 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004j.html#13 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004j.html#14 US fiscal policy (Was: Bob Bemer, 
Computer Pioneer,Father of ASCII,Invento


--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/ 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
