Collaborate Disseminate
What is Foreshadow, and How Can You Overcome this Vulnerability? Earlier this month it was revealed that another vulnerability – the fourth – was discovered in Intel’s x86 chip architecture. Researchers in Belgium originally alerted I… Continue reading What is Foreshadow, and How Can You Overcome this Vulnerability?
Let’s encrypt claim that their private keys are stored in HSMs, but how can they have many HSMs with the same key?
I think that they must have more than one server to issue so many certificates, then how can each of these ser… Continue reading How to copy Hardware Security Module (HSM)
How can I implement the functionality of an HSM in my end-to-end security solution without buying one?
Continue reading implementing HSM (Hardware Security Module) [on hold]
I am implementing a security solution and I would like some recommendations on existing HSM software. If anyone has done a comparison on the existing HSM software and can recommend good and supported ones?
I have seen virtua… Continue reading HSM (Hardware Security Module) [on hold]
Typical USB tokens (Nitrokey, YubiKey…) allow an everyday user to store PGP keys and use them to encrypt email, harddrives and so on.
The same vendors also offer distinct products called HSMs (Nitrokey HSM, YubiHSM). The suggested use c… Continue reading Why is an HSM required to protect CA certificates (rather than a regular USB token)?
The system manages and stores sensitive data of short strings.
Because the sensitive data is of an enumerated type with limited set of well known values, the attacker could easily iterate all the possible values to generate … Continue reading Securing hashes of short enumerated values
I know that security-oriented products can easily protect their contents from even the most sensitive commercial x-rays, which can see objects at about 0.5µm. But let’s put cost limits aside (or imagine that we have State-level resources),… Continue reading Is there some type of x-ray that can see through HSM or shielded integrated circuit?
Microsoft recently started enforcing apps to be signed by EV code-signing certificates instead of just regular certificates. These usually come on an external device such as USB smart card or a HSM, where the private key is stored and can’… Continue reading Where to put a code signing server with EV code signing certificate and plugged-in HSM
I am looking at deploying some PKIs for a couple different clients, some big and some small. For cost savings (and other reasons) we are contemplating hosting one or more of the issuing CAs in AWS using the (new) CloudHSM. I … Continue reading Mostly offline CA HSM
I am looking at deploying some PKIs for a couple different clients, some big and some small. For cost savings (and other reasons) we are contemplating hosting one or more of the issuing CAs in AWS using the (new) CloudHSM. I … Continue reading Mostly offline CA HSM