in order for the application to have access to the keys in
the crypto hardware upon an unattended reboot, the PINs to the hardware
must be accessible to the application.
The cards that I know about work differently -- you configure them to
allow unattended reboot, and then no PIN is involved.
Richard Salz wrote:
The cards that I know about work differently -- you configure them to
allow unattended reboot, and then no PIN is involved. This is a little
more secure, in that it requires a conscious decision to do this, as
opposed to sticking the PIN somewhere on the filesystem.
the software can get at at boot, an attacker who steals a
copy of a backup, say - can also get at.
Almost every e-commerce site (that needs to be PCI-DSS compliant) I've
worked with in the last few years, insists on having unattended
reboots.
I penned a recent blog about this fact at
http
Arshad Noor arshad.noor strongauth.com wrote:
to the keys, in order for the application to have access to the keys in
the crypto hardware upon an unattended reboot, the PINs to the hardware
must be accessible to the application. If the application has automatic
access to the PINs, then so
Arshad Noor wrote:
Almost every e-commerce site (that needs to be PCI-DSS compliant) I've
worked with in the last few years, insists on having unattended reboots.
Not only that but many will be multi-node High Availability cluster
systems as well or will be horizontally scaled. This means
All the HSMs I've worked with start their system daemons automatically;
but the applications using them must still authenticate themselves to
the HSM before keys can be used. How do the cards you've worked with
authenticate the application if no PINs are involved?
Sorry, I wasn't clear
If you (or anyone on this forum) know of technology that allows the
application to gain access to the crypto-hardware after an unattended
reboot - but can prevent an attacker from gaining access to those keys
after compromising a legitimate ID on the machine
This is the conundrum of the of
Hi,
If you (or anyone on this forum) know of technology that allows the
application to gain access to the crypto-hardware after an unattended
reboot - but can prevent an attacker from gaining access to those keys
after compromising a legitimate ID on the machine - I'd welcome hearing
about
Arshad Noor arshad.n...@strongauth.com writes:
If you (or anyone on this forum) know of technology that allows the
application to gain access to the crypto-hardware after an unattended reboot
- but can prevent an attacker from gaining access to those keys after
compromising a legitimate ID on the
a copy of a backup,
say - can also get at.
I would be very interested in learning what conclusions you came to,
Jerry. It is my experience that even *with* tamper-resistant hardware
(TPM, HSM, smartcard), the threat of breach is very high if the server
is configured for unattended reboots
10 matches
Mail list logo
