dkx
Filippo Valsorda
benjojo
Stephan
Richard JohnsonNetwork-attached HSMs protect adequately against theft of hardware that involves cutting power to the host, so long as the multiple parties required for unlocking the HSM at startup can't be coerced into doing so with an XKCD 538 attack on themselves or loved ones.
😏
Tariqsorry to be so ignorant but what is a HSM?
is it a machine dedicated to doing cryptography?
Alan Braggins@rzeta0 @filippo
Hardware Security Module.
Box that does cryptography and keeps keys inside a box. If anyone in the world can use it for cryptography, it doesn't really make the keys more secure. If you need a key to prove you're a person allowed to use the box, you have to keep that key safe outside the box.
And if you ask the box to sign things you didn't understand, none of it helps.
https://en.wikipedia.org/wiki/Hardware_security_module
Hardware Security Module.
Box that does cryptography and keeps keys inside a box. If anyone in the world can use it for cryptography, it doesn't really make the keys more secure. If you need a key to prove you're a person allowed to use the box, you have to keep that key safe outside the box.
And if you ask the box to sign things you didn't understand, none of it helps.
https://en.wikipedia.org/wiki/Hardware_security_module
poleguy looking for lost tools
Eufalconimorph@poleguy @armb @rzeta0 @filippo It also adds some financial problems. HSMs aren't cheap. And you need ways to back up the keys securely, which means onto another HSM. Amazon's "CloudHSM" is $1.45/hour, and has the obvious security issue of being a fucking cloud service, if you want opex issues instead of just capex.
@SAI_Peregrinus @poleguy @armb @filippo
So after reading the replies I am concluding that:
1. A HSM can accelerate cryptography by doing it in hardware. I understand this is less of a unique selling point as modern computer hardware can do it in hardware too?
2. A HSM is a specialised environment unlike a general operating system, which reduces the attack surface to stored keys, and may have anti-attack measures to defend against attempts at compromise. A general "all-purpose" OS and hardware can't for example delete keys if it detects an attempt to read the data bus.
2a. But a compromised general purpose OS can still read message before encryption and after decryption because that general OS still has to process that data ?! So the security benefit is limited?
3. A HSM doesn't help the problem of getting keys into the device, nor the backup problem in general (non-general a vendor may have mechanism to back it up to another one of their own devices).
Is that a fair summary?
@rzeta0 @SAI_Peregrinus @poleguy @filippo
1. Some HSMs provide acceleration, but the main point is the security.
2. Yes
2a. The compromised OS with an HSM client can read and leak messages, but it can't leak the key (assuming the HSM has suitable permissions on the key).
Some HSMs have audit features so you can tell a signing key hasn't been used for unexpected signatures, for example.
3. Copying to another similar device is not the only possible backup mechanism, check the documentation of your HSM.
1. Some HSMs provide acceleration, but the main point is the security.
2. Yes
2a. The compromised OS with an HSM client can read and leak messages, but it can't leak the key (assuming the HSM has suitable permissions on the key).
Some HSMs have audit features so you can tell a signing key hasn't been used for unexpected signatures, for example.
3. Copying to another similar device is not the only possible backup mechanism, check the documentation of your HSM.
@armb @SAI_Peregrinus @poleguy @filippo
So getting keys into a HSM and configuring it must be done carefully a sanitised controlled environment.
I am starting to see how a HSM might fit into wider enterprise architecture now.
@rzeta0
Ideally you generate keys inside the HSM rather than import keys whose history you can't be sure of, but that isn't always possible.
https://www.entrust.com/sites/default/files/documentation/datasheets/entrust-nshield-edge-ds.pdf is an example of an HSM that definitely doesn't provide acceleration but does have the same key management API as faster devices from the same vendor.
I don't think Entrust still sell it, but its still not exactly cheap even as an older used device
https://www.ebay.co.uk/itm/196488086169
@rzeta0 (A note on branding differences on those links, nCipher were acquired by Thales, and later sold to Entrust, but some products kept some nCipher branding at some time.)
Athena L.M.@filippo trusted hardware, the refuge of insoluble problems https://chaos.social/@gsuberland/112341253188262230
