NCipher Takes Hardware Security To Network Level
Anton Stiglic
astiglic at okiok.com
Tue Oct 7 10:12:05 EDT 2003
----- Original Message -----
From: "Peter Gutmann" <pgut001 at cs.auckland.ac.nz>
> [...]
> If you think that's scary, look at Microsoft's CryptoAPI for Windows XP
FIPS
> 140 certification. As with physical security certifications like BS 7799,
you
> start by defining your security perimeter, defining everything inside it
to be
> SECURE, and ignoring everything outside it. Microsoft defined their
perimeter
> as "the case of the PC". Everything inside the PC is defined to be
SECURE.
> Everything outside is ignored.
I believe that is typical of most software crypto modules that are FIPS 140
certified, isn't it?
It classifies the module as multi-chip standalone.
This is why you get requirements of the type that it should run on Windows
in
single-user mode, which I take to mean have only an admin account. This
prevents
privilege escalation attacks (regular user to root) that are easily done.
I think this is reasonable, since you really are relying on the OS and the
PC for the
security of the module.
More scary to me is stuff like
"DSSENH does not provide persistent storage of keys. While it is possible
to
store keys in the file system, this functionality is outside the scope of
this validation."
This is where Microsoft's CSPs do the dirty work, and use what is called
the Data Protection API (DPAPI) to somehow safeguard keys somewhere
in your system.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list