This post did not contain any content.
-
This post did not contain any content.
@filippo posting through the HSM adventures
-
This post did not contain any content.
@filippo it is impossible
-
This post did not contain any content.
@filippo Worst absurdity are network-attached HSMs.
-
R relay@relay.mycrowd.ca shared this topic
-
This post did not contain any content.
sorry to be so ignorant but what is a HSM?
is it a machine dedicated to doing cryptography?
-
This post did not contain any content.
@filippo trusted hardware, the refuge of insoluble problems https://chaos.social/@gsuberland/112341253188262230
-
sorry to be so ignorant but what is a HSM?
is it a machine dedicated to doing cryptography?
@rzeta0 @filippo
Hardware Security Module.
Box that does cryptography and keeps keys inside a box. If anyone in the world can use it for cryptography, it doesn't really make the keys more secure. If you need a key to prove you're a person allowed to use the box, you have to keep that key safe outside the box.
And if you ask the box to sign things you didn't understand, none of it helps.
https://en.wikipedia.org/wiki/Hardware_security_module -
sorry to be so ignorant but what is a HSM?
is it a machine dedicated to doing cryptography?
-
R relay@relay.an.exchange shared this topic
-
@filippo Worst absurdity are network-attached HSMs.
Network-attached HSMs protect adequately against theft of hardware that involves cutting power to the host, so long as the multiple parties required for unlocking the HSM at startup can't be coerced into doing so with an XKCD 538 attack on themselves or loved ones.
-
@rzeta0 @filippo
Hardware Security Module.
Box that does cryptography and keeps keys inside a box. If anyone in the world can use it for cryptography, it doesn't really make the keys more secure. If you need a key to prove you're a person allowed to use the box, you have to keep that key safe outside the box.
And if you ask the box to sign things you didn't understand, none of it helps.
https://en.wikipedia.org/wiki/Hardware_security_module -
@poleguy @armb @rzeta0 @filippo It also adds some financial problems. HSMs aren't cheap. And you need ways to back up the keys securely, which means onto another HSM. Amazon's "CloudHSM" is $1.45/hour, and has the obvious security issue of being a fucking cloud service, if you want opex issues instead of just capex.
-
@poleguy @armb @rzeta0 @filippo It also adds some financial problems. HSMs aren't cheap. And you need ways to back up the keys securely, which means onto another HSM. Amazon's "CloudHSM" is $1.45/hour, and has the obvious security issue of being a fucking cloud service, if you want opex issues instead of just capex.
@SAI_Peregrinus @poleguy @armb @filippo
So after reading the replies I am concluding that:
1. A HSM can accelerate cryptography by doing it in hardware. I understand this is less of a unique selling point as modern computer hardware can do it in hardware too?
2. A HSM is a specialised environment unlike a general operating system, which reduces the attack surface to stored keys, and may have anti-attack measures to defend against attempts at compromise. A general "all-purpose" OS and hardware can't for example delete keys if it detects an attempt to read the data bus.
2a. But a compromised general purpose OS can still read message before encryption and after decryption because that general OS still has to process that data ?! So the security benefit is limited?
3. A HSM doesn't help the problem of getting keys into the device, nor the backup problem in general (non-general a vendor may have mechanism to back it up to another one of their own devices).
Is that a fair summary?
-
@SAI_Peregrinus @poleguy @armb @filippo
So after reading the replies I am concluding that:
1. A HSM can accelerate cryptography by doing it in hardware. I understand this is less of a unique selling point as modern computer hardware can do it in hardware too?
2. A HSM is a specialised environment unlike a general operating system, which reduces the attack surface to stored keys, and may have anti-attack measures to defend against attempts at compromise. A general "all-purpose" OS and hardware can't for example delete keys if it detects an attempt to read the data bus.
2a. But a compromised general purpose OS can still read message before encryption and after decryption because that general OS still has to process that data ?! So the security benefit is limited?
3. A HSM doesn't help the problem of getting keys into the device, nor the backup problem in general (non-general a vendor may have mechanism to back it up to another one of their own devices).
Is that a fair summary?
@rzeta0 @SAI_Peregrinus @poleguy @filippo
1. Some HSMs provide acceleration, but the main point is the security.
2. Yes
2a. The compromised OS with an HSM client can read and leak messages, but it can't leak the key (assuming the HSM has suitable permissions on the key).
Some HSMs have audit features so you can tell a signing key hasn't been used for unexpected signatures, for example.
3. Copying to another similar device is not the only possible backup mechanism, check the documentation of your HSM. -
@rzeta0 @SAI_Peregrinus @poleguy @filippo
1. Some HSMs provide acceleration, but the main point is the security.
2. Yes
2a. The compromised OS with an HSM client can read and leak messages, but it can't leak the key (assuming the HSM has suitable permissions on the key).
Some HSMs have audit features so you can tell a signing key hasn't been used for unexpected signatures, for example.
3. Copying to another similar device is not the only possible backup mechanism, check the documentation of your HSM.@armb @SAI_Peregrinus @poleguy @filippo
So getting keys into a HSM and configuring it must be done carefully a sanitised controlled environment.
I am starting to see how a HSM might fit into wider enterprise architecture now.
-
R relay@relay.infosec.exchange shared this topic
