At 12:36 PM 8/15/2004, R. A. Hettinga wrote:
This is what creates trust in RPOWs as actually embodying their claimed
values, the knowledge that they were in fact created based on an equal
value POW (hashcash) token.

the issue in the "yes card" exploit is that you migrate the financial business rules out into hardware tokens (of any kind) and then do peer-to-peer operations between tokens.


the threat model is you attack the belief in a valid hardware token ... once you have that you have the mechanism for creating counterfeit tokens that can convince other tokens that they are valid. These counterfeit tokens don't tell the truth ... they are programmed to say whatever will convince other tokens that can be trusted.

and as per previous post ... i got hit in a sci.crypt thread with the claim that even 4758 can be successfully attacked.

misc. posts discussing token attacks that 1) result in being able to fabricate counterfeits 2) which are acceptable in offline, peer-to-peer operations:
http://www.garlic.com/~lynn/aadsm15.htm#25 WYTM?
http://www.garlic.com/~lynn/aadsm17.htm#13 A combined EMV and ID card
http://www.garlic.com/~lynn/aadsm17.htm#25 Single Identity. Was: PKI International Consortium
http://www.garlic.com/~lynn/aadsm17.htm#42 Article on passwords in Wired News
http://www.garlic.com/~lynn/2003o.html#37 Security of Oyster Cards
http://www.garlic.com/~lynn/2004g.html#45 command line switches [Re: [REALLY OT!] Overuse of symbolic constants]
http://www.garlic.com/~lynn/2004j.html#12 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004j.html#13 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento
http://www.garlic.com/~lynn/2004j.html#14 US fiscal policy (Was: Bob Bemer, Computer Pioneer,Father of ASCII,Invento



--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
