On 09/02/2011 12:55 PM, coderman wrote:
the next escalation will be sploiting private keys out of hardware
security modules presumed impervious to such attacks.
given the quality of HSM firmwares they're lucky cost is somewhat a
prohibiting factor for attackers.
authority in the wild, not just certs. :P
Why would they need to?
What's the difference between a private key in the wild and a pwned CA
that, even months after a breakin and audit, doesn't revoke or even know
what it signed?
(This is a serious question)
- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
