[Cryptography] HSMs or Intel SGX? Which is harder to hack?

Bill Cox waywardgeek at gmail.com
Thu Feb 16 22:08:07 EST 2017


Here's an example of what makes it hard for me to read about HSMs.  I'm
picking on Thales here only by chance.  I know for a fact that they are a
well respected HSM vendor, but OMG, reading their web page is very hard for
even an arm-chair crypto-geek like me.  Some quotes from this page
<https://www.thales-esecurity.com/solutions/by-technology-focus/tamper-resistant-security>:

"While devices from Thales have been proven in a range of settings
including some of the world’s most stringent environments, you do not need
to take our word for the fact that they are more secure. Thales products
have been independently certified to meet FIPS 140-2 and Common Criteria
standards."

What is the actual state of real-world security from respectable HSMs?  How
hard is it to extract secrets from a "level 4" tamper-resistant HSM that
attempts to erase secrets when a potential attack is detected?

Bill