----- Original Message ----- 
From: "Peter Gutmann" <[EMAIL PROTECTED]>
Sent: Tuesday, October 07, 2003 11:07 AM
Subject: Re: NCipher Takes Hardware Security To Network Level

> "Anton Stiglic" <[EMAIL PROTECTED]> writes:
> >This is why you get requirements of the type that it should run on Windows in
> >single-user mode, which I take to mean have only an admin account.  This
> >prevents privilege escalation attacks (regular user to root) that are
> >done.
> >
> >I think this is reasonable, since you really are relying on the OS and the PC
> >for the security of the module.
> Uhh, so you're avoiding privilege escalation attacks by having everyone run as
> root, from which you couldn't escalate if you wanted to.  This doesn't
> me as a very secure way to do things (and it would still get MSDOS
> because you've now turned your machine into a DOS box protection-wise).

Did you read the security policy of Netscape Security Module?  Basically,
if you want to get the configuration that is FIPS 140 certified, you need
to install the module on a PC and add tamper resistant seals over
interfaces, junctions and fasteners of all doors and covers in the enclosure
of the PC, so that you can't open the cover without the fact being
noticeable.  I suggest adding some duct tape in strategic positions for
security :).

By reasonable I mean in the framework of having a general purpose software
cryptographic library be certified FIPS.  I'm not saying I find this secure.
When I see a software library being certified FIPS 140, I say to myself it
implements the cryptographic algorithms in a decent way, has a decent
random number generator, and stuff like that.  I don't care much about the
physical boundary that they artificially determine.

If I want high security, I will go with hardware.  At the end of the line,
what you want to protect is your secret keys, and if you don't have a tamper
hardware (that zeroizes your secrets when someone tries to poke at it)
to do that it is difficult if not impossible.


The Cryptography Mailing List