[Cryptography] HSM's

Bill Frantz frantz at pwpconsult.com
Sun Jan 19 13:54:15 EST 2014


On 1/19/14 at 12:22 AM, natanael.l at gmail.com (Natanael) wrote:

>On 19 Jan 2014 06:43, "Jerry Leichter" <leichter at lrw.com> wrote:
>>
>>On Jan 18, 2014, at 1:07 PM, Bill Frantz wrote:
>>>> Open question:  What do people think of the production of big important
>>>> keys using the old compliance method of "must use a HSM" now ?
>>>
>>>I have always looked at HSMs as black boxes built by people I don't
>>>trust. If I built it I would feel different, but you should be
>>>uncomfortable using my HSM. Getting mutually suspicious people to trust the
>>>same HSM is an interesting social/technical problem.
>>
>>I'd look at this differently:  Is there a construction that preserves the
>>good properties of HSM's (potential for a very small attack surface)
>>without the bad ones (you either have to trust a sealed box that someone
>>else built, or be willing to create it yourself from scratch)?  ...
>>
>Wouldn't that simply be a matter of using algorithms like Secure Multiparty
>Computation among a number of devices that have shares of a key split
>among them using something like Shamir's Secure Sharing Scheme?

I'm tempted to start with: This is a new use of the word 
"simply" with which I was not previously familiar. :-)

There seem to be at least three approaches to the problem: (1) 
Split the key into enough pieces that a single rogue HSM can't 
compromise security. (2) Isolate the HSM(s) such that they can't 
communicate the key or perform rogue signatures. (3) Require 
signatures from all the HSMs for validity.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"After all, if the conventional wisdom was working, the
408-356-8506       | rate of systems being compromised would be going down,
www.pwpconsult.com | wouldn't it?" -- Marcus Ranum
