> in order for the application to have access to the keys in
> the crypto hardware upon an unattended reboot, the PINs to the hardware
> must be accessible to the application.

The cards that I know about work differently -- you configure them to 
allow unattended reboot, and then no PIN is involved.  This is a little 
more secure, in that it requires a conscious decision to do this, as 
opposed to sticking the PIN somewhere on the filesystem.

        /r$

--
STSM, DataPower CTO
WebSphere Appliance Architect
http://www.ibm.com/software/integration/datapower/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to