diff --git a/CHANGELOG.md b/CHANGELOG.md
index 77c6766..4195385 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,12 +5,14 @@
 - `HashCache` was extended to cache site keys when caching `PoW` configurations
   as a result:
 - <strike>`Retrieve`</strike> `RetrievePoW` now returns `CachedPoWConfig`
+- random token generation post `PoW` verification
 
 ## Changed
 - `Cache` became `CachePoW` (`HashCache` extension)
 - `Retrieve` became `RetrievePoW`(`HashCache` extension)
 - `DeleteString` became `DeletePoW` (`HashCache` extension)
 - `Save` trait now requires three new message impls (`HashCache` extension_
+- `System.verify_pow` now returns a `String` instead of `bool`
 
 ## Removed
 - `CachePoW` constructor was removed in favour of `CachwPoWBuilder`
diff --git a/examples/simple.rs b/examples/simple.rs
index 9947f4e..7735121 100644
--- a/examples/simple.rs
+++ b/examples/simple.rs
@@ -109,8 +109,9 @@ async fn main() -> std::io::Result<()> {
 
     // Server evaluates client's work. Returns true if everything
     // checksout and Err() if something fishy is happening
-    let res = system.verify_pow(payload.clone()).await.unwrap();
-    assert!(res);
+    let res = system.verify_pow(payload.clone()).await;
+    assert!(res.is_ok());
+    // TODO add server-sideverification
 
     Ok(())
 }
diff --git a/src/cache/hashcache.rs b/src/cache/hashcache.rs
index df11898..0d1ce16 100644
--- a/src/cache/hashcache.rs
+++ b/src/cache/hashcache.rs
@@ -38,6 +38,7 @@ impl HashCache {
         let config: CachedPoWConfig = CachedPoWConfig {
             key: config.key,
             difficulty_factor: config.difficulty_factor,
+            duration: config.duration,
         };
 
         self.difficulty_map.insert(challenge, config);
diff --git a/src/cache/mod.rs b/src/cache/mod.rs
index d64a33e..582c7fc 100644
--- a/src/cache/mod.rs
+++ b/src/cache/mod.rs
@@ -72,6 +72,7 @@ pub mod messages {
     pub struct CachedPoWConfig {
         pub key: String,
         pub difficulty_factor: u32,
+        pub duration: u64,
     }
 
     /// Message to delete cached PoW difficulty factor and string
@@ -91,6 +92,19 @@ pub mod messages {
         pub duration: u64,
     }
 
+    impl From<CachedPoWConfig> for CacheResult {
+        fn from(c: CachedPoWConfig) -> Self {
+            use crate::utils::get_random;
+
+            CacheResultBuilder::default()
+                .key(c.key)
+                .duration(c.duration)
+                .result(get_random(32))
+                .build()
+                .unwrap()
+        }
+    }
+
     /// Message to verify captcha result against
     /// the stored captcha key
     #[derive(Message)]
diff --git a/src/errors.rs b/src/errors.rs
index dc1e449..3fac5de 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -73,6 +73,10 @@ pub enum CaptchaError {
     #[display(fmt = "PoW computed over configuration not intended for target sitekey")]
     MCaptchaKeyValidationFail,
 
+    /// Submitted PoW is invalid
+    #[display(fmt = "Invalid PoW")]
+    InvalidPoW,
+
     /// Used in builder structs when a value is not set
     #[display(fmt = "Please set value: {}", _0)]
     PleaseSetValue(#[error(not(source))] String),
diff --git a/src/lib.rs b/src/lib.rs
index ff14fe8..b1b686d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -157,8 +157,8 @@
 //!
 //!     // Server evaluates client's work. Returns true if everything
 //!     // checksout and Err() if something fishy is happening
-//!     let res = system.verify_pow(payload.clone()).await.unwrap();
-//!     assert!(res);
+//!     let res = system.verify_pow(payload.clone()).await;
+//!     assert!(res.is_ok());
 //!
 //!     Ok(())
 //! }
diff --git a/src/system.rs b/src/system.rs
index 0655cc8..880d595 100644
--- a/src/system.rs
+++ b/src/system.rs
@@ -37,8 +37,10 @@ pub struct System<T: Save> {
 impl<T> System<T>
 where
     T: Save,
-    <T as actix::Actor>::Context:
-        ToEnvelope<T, messages::CachePoW> + ToEnvelope<T, messages::RetrivePoW>,
+    <T as actix::Actor>::Context: ToEnvelope<T, messages::CachePoW>
+        + ToEnvelope<T, messages::RetrivePoW>
+        + ToEnvelope<T, messages::CacheResult>
+        + ToEnvelope<T, messages::VerifyCaptchaResult>,
 {
     /// utility function to get difficulty factor of site `id` and cache it
     pub async fn get_pow(&self, id: String) -> Option<PoWConfig> {
@@ -68,8 +70,8 @@ where
     }
 
     /// utility function to verify [Work]
-    pub async fn verify_pow(&self, work: Work) -> CaptchaResult<bool> {
-        use crate::cache::messages::RetrivePoW;
+    pub async fn verify_pow(&self, work: Work) -> CaptchaResult<String> {
+        use crate::cache::messages::*;
 
         let string = work.string.clone();
         let msg = RetrivePoW(string.clone());
@@ -95,7 +97,14 @@ where
             return Err(CaptchaError::InsuffiencientDifficulty);
         }
 
-        Ok(self.pow.is_valid_proof(&pow, &string))
+        if !self.pow.is_valid_proof(&pow, &string) {
+            return Err(CaptchaError::InvalidPoW);
+        }
+
+        let msg: CacheResult = cached_config.into();
+        let res = msg.result.clone();
+        self.cache.send(msg).await.unwrap()?;
+        Ok(res)
     }
 }
 
@@ -164,8 +173,8 @@ mod tests {
             key: MCAPTCHA_NAME.into(),
         };
 
-        let res = actors.verify_pow(payload.clone()).await.unwrap();
-        assert!(res);
+        let res = actors.verify_pow(payload.clone()).await;
+        assert!(res.is_ok());
 
         payload.string = "wrongstring".into();
         let res = actors.verify_pow(payload.clone()).await;