[Cryptography] HSM's
Thierry Moreau
thierry.moreau at connotech.com
Mon Jan 20 13:42:54 EST 2014
John Kelsey wrote:
>> On Jan 19, 2014, at 2:49 PM, Thierry Moreau <thierry.moreau at connotech.com> wrote:
>>
> ...
>> A final note: Anyone aware of an HSM vendor that did not follow NIST advice in their engineering? Maybe the HSM concept is just dead after the Snowden revelations.
>
> I'm sure you can find some HSM out there that uses single-DES or a homegrown cipher instead of AES, MD5 instead of SHA1 or SHA2, 768-bit RSA keys, etc. So, yeah, I'm sure you can find someone who will sell you an HSM that ignores NIST recommendations.
>
Good joke!

"Industry best practice" suffices for avoiding known weak algorithms and
crypto parameter sizes, given a knowledgeable customer organization.

Also thanks for pointing to the vagueness of my previous post. Let me
attempt to clarify.

NIST-independent HSMs could aim at certification per
CEN WORKSHOP AGREEMENT, "Security Requirements for Trustworthy Systems
Managing Certificates for Electronic Signatures - Part 1: System
Security Requirements" CWA 14167-1, June 2003 (and other parts and
related documents).

My original question hinted at a very very small market for this idea of
a NIST-independent HSM.

NIST-independent HSM designed and built at arm's length with the US
jurisdiction might be less subject to NSA backdoors. Obviously I'm just
speculating with these words but you might see my point.

Regards,
- Thierry Moreau