Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Richard Salz
in order for the application to have access to the keys in the crypto hardware upon an unattended reboot, the PINs to the hardware must be accessible to the application. The cards that I know about work differently -- you configure them to allow unattended reboot, and then no PIN is involved.

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Arshad Noor
Richard Salz wrote: The cards that I know about work differently -- you configure them to allow unattended reboot, and then no PIN is involved. This is a little more secure, in that it requires a conscious decision to do this, as opposed to sticking the PIN somewhere on the filesystem.

Re: Unattended reboots

2009-08-03 Thread james hughes
the software can get at at boot, an attacker who steals a copy of a backup, say - can also get at. Almost every e-commerce site (that needs to be PCI-DSS compliant) I've worked with in the last few years, insists on having unattended reboots. I penned a recent blog about this fact at http

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread lists
Arshad Noor arshad.noor strongauth.com wrote: to the keys, in order for the application to have access to the keys in the crypto hardware upon an unattended reboot, the PINs to the hardware must be accessible to the application. If the application has automatic access to the PINs, then so

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Darren J Moffat
Arshad Noor wrote: Almost every e-commerce site (that needs to be PCI-DSS compliant) I've worked with in the last few years, insists on having unattended reboots. Not only that but many will be multi-node High Availability cluster systems as well or will be horizontally scaled. This means

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Richard Salz
All the HSMs I've worked with start their system daemons automatically; but the applications using them must still authenticate themselves to the HSM before keys can be used. How do the cards you've worked with authenticate the application if no PINs are involved? Sorry, I wasn't clear

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Ali, Saqib
If you (or anyone on this forum) know of technology that allows the application to gain access to the crypto-hardware after an unattended reboot - but can prevent an attacker from gaining access to those keys after compromising a legitimate ID on the machine This is the conundrum of the of

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Philipp G├╝hring
Hi, If you (or anyone on this forum) know of technology that allows the application to gain access to the crypto-hardware after an unattended reboot - but can prevent an attacker from gaining access to those keys after compromising a legitimate ID on the machine - I'd welcome hearing about

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Peter Gutmann
Arshad Noor arshad.n...@strongauth.com writes: If you (or anyone on this forum) know of technology that allows the application to gain access to the crypto-hardware after an unattended reboot - but can prevent an attacker from gaining access to those keys after compromising a legitimate ID on the

Unattended reboots (was Re: The clouds are not random enough)

2009-08-02 Thread Arshad Noor
a copy of a backup, say - can also get at. I would be very interested in learning what conclusions you came to, Jerry. It is my experience that even *with* tamper-resistant hardware (TPM, HSM, smartcard), the threat of breach is very high if the server is configured for unattended reboots