
A couple of quick responses to the questions on RPOW, as I am at Crypto this week.

Taral asked about the attestation. It is based on a root key published in Appendix C of IBM's "IBM 4758 PCI Cryptographic Coprocessor Custom Software Interface Reference", available from http://www.ibm.com/security/cryptocards/html/library.shtml. It is also published on IBM's web page at http://www.ibm.com/security/cryptocards/html/faqcopvalidity.shtml. This tells you that the attestation refers to a valid IBM 4758. Further, the attestation contains within it both a hash of the RPOW program, and a set of keys generated by that program. Using the methods described on the rpow.net web site, it is possible to take the RPOW source code and generate a hash which matches that reported in the attestation. This tells you that you have access to the actual source code running on the RPOW server. By studying the source you can confirm that the program never exposes its private keys or allows them to leave the board. This tells you that if you send a message encrypted to the RPOW communications key and get a meaningful response (messages are protected with HMAC), you are talking to the program described in the attestation.

Lynn Wheeler mentions the IBM 4758 break by Mike Bond and Richard Clayton described at http://www.cl.cam.ac.uk/~rnc1/descrack/. This was not actually a break of the 4758 but an exploit of a cryptographic weakness in the application running on the board, which was IBM's CCA support software. RPOW does not use CCA and is not vulnerable to that attack, and IBM has since fixed the CCA.

Of course it is possible that RPOW may have vulnerabilities and errors of its own, being my own work and far from perfect. I welcome review and comment on the RPOW source code which is open source and available from rpow.net.
Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

--- end forwarded text --

-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
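The verification chain the post walks through (root key certifies the board, the board attests the program hash and a program-generated key, the client recomputes the hash from reviewed source, and later messages are HMAC-protected), as an added example that is neither Hal Finney's code nor the real RPOW/4758 attestation format: a simplified Go model in which Ed25519 keys stand in for IBM's root and board keys, and the Attestation layout, the Tag/CheckReply functions and all sample values are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Attestation is a simplified, hypothetical stand-in for the 4758 attestation the post
// describes; the field layout is assumed here, not IBM's actual format.
type Attestation struct {
	ProgramHash []byte            // hash of the program running on the board
	CommKey     []byte            // communications public key generated by that program
	DevicePub   ed25519.PublicKey // per-board key
	DeviceCert  []byte            // root signature over DevicePub
	Sig         []byte            // board signature over ProgramHash||CommKey
}

// VerifyAttestation runs the client-side checks in the order the post lays them out.
func VerifyAttestation(root ed25519.PublicKey, a Attestation, source []byte) bool {
	if !ed25519.Verify(root, a.DevicePub, a.DeviceCert) {
		return false // board key is not certified by the published root key
	}
	if !ed25519.Verify(a.DevicePub, append(append([]byte{}, a.ProgramHash...), a.CommKey...), a.Sig) {
		return false // attestation was not produced by that board key
	}
	want := sha256.Sum256(source) // hash we compute ourselves from the reviewed source
	return bytes.Equal(want[:], a.ProgramHash)
}

// Tag computes the HMAC that protects each message; CheckReply verifies it in constant time.
func Tag(key, msg []byte) []byte { m := hmac.New(sha256.New, key); m.Write(msg); return m.Sum(nil) }
func CheckReply(key, msg, tag []byte) bool { return hmac.Equal(Tag(key, msg), tag) }

// Demo builds the chain from constructed keys: genuine source verifies, modified source does not.
func Demo() (genuine, tampered bool) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	source := []byte("rpow program source (constructed)")
	h := sha256.Sum256(source)
	a := Attestation{ProgramHash: h[:], CommKey: []byte("comm-pub (constructed)"), DevicePub: devPub}
	a.DeviceCert = ed25519.Sign(rootPriv, devPub)
	a.Sig = ed25519.Sign(devPriv, append(append([]byte{}, a.ProgramHash...), a.CommKey...))
	return VerifyAttestation(rootPub, a, source), VerifyAttestation(rootPub, a, []byte("altered"))
}

func main() { g, t := Demo(); fmt.Println("genuine:", g, "tampered:", t) }
```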