"Anton Stiglic" <[EMAIL PROTECTED]> writes:

>This is why you get requirements of the type that it should run on Windows in single-user mode, which I take to mean have only an admin account. This prevents privilege escalation attacks (regular user to root) that are easily done.
>
>I think this is reasonable, since you really are relying on the OS and the PC for the security of the module.

Uhh, so you're avoiding privilege escalation attacks by having everyone run as root, from which you couldn't escalate if you wanted to. This doesn't strike me as a very secure way to do things (and it would still get MSDOS certified, because you've now turned your machine into a DOS box protection-wise).

>More scary to me is stuff like "DSSENH does not provide persistent storage of keys. While it is possible to store keys in the file system, this functionality is outside the scope of this validation."

That's the "Define the bits that we can easily get away with to be secure and ignore the rest" approach that I commented on. It was actually part of a posting to another list where I was poking fun at BS 7799:

-- Snip --

Some years ago I witnessed a BS 7799 security certification being done. For those of you who aren't familiar with this, it's ISO 9000 for security. It went something like this:

First, we define the region from the rug in the corner to Dave's desk to the pot-plant on the right to be... SECURE. Everything inside this region is by definition SECURE. Everything outside the region is none of our concern.

Access to the server room from the SECURE area is by locked door. The keys are on a hook on the wall, but since the hook is outside the SECURE area, we don't have to worry about that.

Now we need to produce a lot of paperwork. I'll help you with this; it should only take a few weeks.

Congratulations, you now have a BS 7799-certified SECURE facility. Here's my bill.

In other words, they didn't change anything at all in their insecure (except in the eyes of BS 7799) work area. The whole certification process was an exercise in meeting the certification requirements purely through the production of paperwork.

-- Snip --

The SECURE facility has since been decommissioned, so I guess it's safe to talk about it now.

Incidentally, almost everyone knew where the key was because the room in question had the best air-conditioning in the building (it was packed full of servers and networking gear), so it became quite popular in the summer with the sysadmins, who'd find various reasons to do extended amounts of work in there.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]