
RE: ArcotSign (was Re: Does security depend on hardware?)




Nick,

I am somewhat puzzled by your response. Do you assert that a software-based
solution, executed on a general purpose CPU under a general purpose OS, can
afford the same protection of whatever the secret in question may be as a
hardware token, such as a smartcard? A hardware token lacking the very API
to extract the secret through software-based attacks?

If so, could you please share with us the revolutionary breakthrough in
computer science that negates the effect of decompilers and runtime
debuggers on Arcot's software?

Furthermore, how do you consolidate the claim on Arcot's website that
"ArcotSignTM [...] offers [hardware solution] tamper resistance in software"
with the statement by Arcot's very own cryptographic advisor, Bruce
Schneier, that "Of course. It's less secure than hardware solutions"?

Perhaps I have worked in this industry for too long to fully adjust to the
novel genius displayed in "virtual one-time pads", "virtual smartcards", and
"virtual security".

Thanks,
--Lucky Green <[email protected]>
  PGP 5.x  encrypted email preferred

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]On
> Behalf Of Nick Szabo
> Sent: Monday, September 21, 1998 18:31
> To: [email protected]; [email protected]
> Cc: [email protected]; [email protected]
> Subject: Re: ArcotSign (was Re: Does security depend on hardware?)
>
>
>
> I have consulted at both DigiCash and Arcot.  I am still
> under nondisclosure to Arcot, so I can't answer any
> questions about this that go beyond the publicly available
> information.  Arcot has recently made available on their public
> web site "Software Smart Cards via Cryptographic Camouflage", at
> http://www.arcot.com/camo2.html.  At the end of
> this paper is referenced Rivest's "Chaffing and Winnowing"
> paper.  These give a good overview of how such a technology
> can work, and the scope of its application.
>
>
> Nick Szabo
> [email protected]
> http://www.best.com/~szabo/
>