ianG <i...@iang.org> writes: >from a risk analysis view, the sensible thing to do is to attack the >bureaucracy not the HSM. The problem with attacking the HSM is that it >becomes obvious, a property sometimes known as tamper-evidence. Either by >stealing it or accessing it (I speculate the exploit pointed at by Peter >would have taken months of access).
The initial analysis, on a captive device, took a long time, but once that was done the attack was applicable to any other device of that kind. You're right though, in the case of an HSM (and that includes things like smart cards) you don't bother attacking the device but attack the host that controls it. An external magic box totally controlled by a host that does anything you want it to is only slightly more secure than having the magic-box functions performed directly on the host. Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography