[Cryptography] Keeping Malware from Using Security Hardware
Kent Borg
kentborg at borg.org
Wed Mar 5 20:05:43 EST 2025
On 3/5/25 7:38 PM, Peter Gutmann wrote:
> This is common with HSMs, a lot of the controls are enforced by external API
> wrappers, so to bypass them you just go one level lower in the API.

UI purist mode: Production HSMs should not be capable of presenting in
the UI things that are never going to be comprehensible to a normal
person or the harried C-suite exec who is in a hurry and just wants to
know where to "sign".

But UI design is mostly dead, it somehow got such a bad reputation that
it had to be renamed "UX", and is now just thought of as a "skin", just
a packaging layer. There is no real UI in the loop anymore, it is now
just part of graphic design and tasked with making things look slick.
And constantly looking different from how they used to look. (Terrible
for the UI but great for keeping things fresh and cool.)

UIs that are simple to understand (and use) are NOT simple to design.
But they mislead by seeming simple.

Grrr.

-kb, the grumpy Kent who is getting old.

P.S. Good UI designers should be valuable in the security biz, but let's
not be silly.