@filippo

Sorry to be so ignorant, but what is an HSM?

is it a machine dedicated to doing cryptography?

@rzeta0 @filippo
Hardware Security Module.
Box that does cryptography and keeps keys inside a box. If anyone in the world can use it for cryptography, it doesn't really make the keys more secure. If you need a key to prove you're a person allowed to use the box, you have to keep that key safe outside the box.
And if you ask the box to sign things you didn't understand, none of it helps.
https://en.wikipedia.org/wiki/Hardware_security_module

@armb @rzeta0 @filippo So it's like a supercomputer: turns processor-bound problems into I/O-bound problems?

Except a networked HSM: turns a key security problem into multiple key security problems plus key exchange problems?

@poleguy @armb @rzeta0 @filippo It also adds some financial problems. HSMs aren't cheap. And you need ways to back up the keys securely, which means onto another HSM. Amazon's "CloudHSM" is $1.45/hour, and has the obvious security issue of being a fucking cloud service, if you want opex issues instead of just capex.

@SAI_Peregrinus @poleguy @armb @filippo

So after reading the replies I am concluding that:

1. An HSM can accelerate cryptography by doing it in hardware. I understand this is less of a unique selling point, as modern computer hardware can do it in hardware too?

2. An HSM is a specialised environment, unlike a general operating system, which reduces the attack surface to stored keys, and may have anti-attack measures to defend against attempts at compromise. A general "all-purpose" OS and hardware can't, for example, delete keys if it detects an attempt to read the data bus.

2a. But a compromised general-purpose OS can still read messages before encryption and after decryption, because that general OS still has to process that data?! So the security benefit is limited?

3. An HSM doesn't help the problem of getting keys into the device, nor the backup problem in general (in the non-general case, a vendor may have a mechanism to back it up to another one of their own devices).

Is that a fair summary?

@rzeta0 @SAI_Peregrinus @poleguy @filippo
1. Some HSMs provide acceleration, but the main point is the security.
2. Yes
2a. The compromised OS with an HSM client can read and leak messages, but it can't leak the key (assuming the HSM has suitable permissions on the key).
Some HSMs have audit features so you can tell a signing key hasn't been used for unexpected signatures, for example.
3. Copying to another similar device is not the only possible backup mechanism, check the documentation of your HSM.
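The two properties the reply above leans on (a compromised client can get the box to sign things and read plaintext, but cannot pull the key out, and an audit log lets you spot signatures nobody asked for) can be shown with a toy model. This is an added example, not code from anyone in the thread or from any HSM vendor: the "box" is a Python object, HMAC-SHA256 stands in for the signing algorithm, the credential check and the `extractable` flag are simplified stand-ins for the key permissions a real HSM enforces, and the messages and key labels are constructed for the demo.

```python
"""Toy model of an HSM's key-protection and audit properties.

Simulation only: there is no tamper response or hardware isolation here,
just the interface contract a client sees. HMAC-SHA256 is an assumption
standing in for whatever signing algorithm a real device would offer.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class KeyRecord:
    secret: bytes           # never returned by any method below unless extractable
    extractable: bool       # False is the safe default; the demo never sets it True
    owner_token_hash: str   # hash of the credential a client must present to use the key


class ToyHSM:
    def __init__(self) -> None:
        self._keys: dict[str, KeyRecord] = {}
        # (operation, key label, sha256 of the message) for every request served
        self.audit_log: list[tuple[str, str, str]] = []

    def generate_key(self, label: str, auth_token: bytes, extractable: bool = False) -> str:
        # Key material is generated inside the box; the caller only ever gets a handle.
        self._keys[label] = KeyRecord(
            secret=secrets.token_bytes(32),
            extractable=extractable,
            owner_token_hash=sha256_hex(auth_token),
        )
        self.audit_log.append(("generate", label, ""))
        return label

    def _authorise(self, label: str, auth_token: bytes) -> KeyRecord:
        # The credential that proves you may use the box lives outside it (client side).
        rec = self._keys[label]
        if not hmac.compare_digest(rec.owner_token_hash, sha256_hex(auth_token)):
            raise PermissionError("bad credential for key %r" % label)
        return rec

    def sign(self, label: str, auth_token: bytes, message: bytes) -> bytes:
        rec = self._authorise(label, auth_token)
        self.audit_log.append(("sign", label, sha256_hex(message)))
        return hmac.new(rec.secret, message, hashlib.sha256).digest()

    def export_key(self, label: str, auth_token: bytes) -> bytes:
        rec = self._authorise(label, auth_token)
        if not rec.extractable:
            raise PermissionError("key %r is marked non-extractable" % label)
        return rec.secret


def unexpected_signatures(audit_log, expected_digests):
    """Audit check: sign operations whose message digest nobody expected."""
    return [e for e in audit_log if e[0] == "sign" and e[2] not in expected_digests]


def demo() -> dict:
    hsm = ToyHSM()
    token = secrets.token_bytes(16)          # credential kept on the client host
    hsm.generate_key("release-signing", token)

    legit = b"release-1.2.3.tar.gz"           # constructed sample message
    rogue = b"release-1.2.4-backdoored.tar.gz"  # constructed sample message
    tag = hsm.sign("release-signing", token, legit)

    # A compromised client host holds the credential, so it can get the box to
    # sign whatever it likes and can read every message it submits...
    hsm.sign("release-signing", token, rogue)

    # ...but it cannot pull the key material out.
    try:
        hsm.export_key("release-signing", token)
        key_leaked = True
    except PermissionError:
        key_leaked = False

    # Without the credential the box refuses even to sign.
    try:
        hsm.sign("release-signing", b"wrong-credential", legit)
        wrong_token_accepted = True
    except PermissionError:
        wrong_token_accepted = False

    # The audit log is what exposes the rogue signature after the fact.
    flagged = unexpected_signatures(hsm.audit_log, {sha256_hex(legit)})
    return {
        "signature_len": len(tag),
        "key_leaked": key_leaked,
        "wrong_token_accepted": wrong_token_accepted,
        "unexpected_digests": [digest for _, _, digest in flagged],
        "rogue_digest": sha256_hex(rogue),
    }


if __name__ == "__main__":
    print(demo())
```

The model is deliberately pessimistic about the client: once the host with the credential is compromised, the box will sign the rogue release just as happily as the real one, which is the "none of it helps if you sign things you didn't understand" point. What the box still buys you is that the key itself stays put, and that the audit trail lets you find the signature you never authorised.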

@armb @SAI_Peregrinus @poleguy @filippo

So getting keys into an HSM and configuring it must be done carefully, in a sanitised, controlled environment.

I am starting to see how an HSM might fit into a wider enterprise architecture now.

@rzeta0
Ideally you generate keys inside the HSM rather than import keys whose history you can't be sure of, but that isn't always possible.

https://www.entrust.com/sites/default/files/documentation/datasheets/entrust-nshield-edge-ds.pdf is an example of an HSM that definitely doesn't provide acceleration but does have the same key management API as faster devices from the same vendor.
I don't think Entrust still sell it, but it's still not exactly cheap even as an older used device.
https://www.ebay.co.uk/itm/196488086169

@rzeta0 (A note on branding differences on those links, nCipher were acquired by Thales, and later sold to Entrust, but some products kept some nCipher branding at some time.)