ArcotSign (was Re: Does security depend on hardware?)

Lucky Green shamrock at netcom.com
Mon Sep 21 07:49:04 PDT 1998 


Nick,

I am somewhat puzzled by your response. Do you assert that a software based
solution, executed on a general purpose CPU under a general purpose OS, can
afford the same protection of whatever the secret in question may be as a
hardware token, such as a smartcard? A hardware token lacking the very API
to extract the secret through software based attacks?

If so, could you please share with us the revolutionary breakthrough in
computer science that negates the effect of decompilers and runtime
debuggers on Arcot's software?

Furthermore, how do you consolidate the claim on Arcot's website that
"ArcotSignTM [...] offers [hardware solution] tamper resistance in software"
with the statement by Arcot's very own cryptographic advisor, Bruce
Schneier, that "Of course. It's less secure than hardware solutions".

Perhaps I have worked in this industry for too long to fully adjust to the
novel genius displayed in "virtual one-time pads", "virtual smartcards", and
"virtual security".

Thanks,
--Lucky Green <shamrock at netcom.com>
  PGP 5.x  encrypted email preferred

> -----Original Message-----
> From: owner-cryptography at c2.net [mailto:owner-cryptography at c2.net]On
> Behalf Of Nick Szabo
> Sent: Monday, September 21, 1998 18:31
> To: rdl at MIT.EDU; scott at loftesness.com
> Cc: cryptography at c2.net; libtech at lists.best.com
> Subject: Re: ArcotSign (was Re: Does security depend on hardware?)
>
>
>
> I have consulted at both DigiCash and Arcot.  I am still
> under nondisclosure to Arcot, so I can't answer any
> questions about this that go beyond the publicly available
> information.  Arcot has recently made available on their public
> web site "Software Smart Cards via Cryptographc Camouflage", at
> http://www.arcot.com/camo2.html.  At the end of
> this paper is referenced Rivest's "Chaffing and Winnowing"
> paper.  These give a good overview of how such a technology
> can work, and the scope of its application.
>
>
> Nick Szabo
> szabo at best.com
> http://www.best.com/~szabo/
>

More information about the cypherpunks-legacy mailing list