Hi Martin. Back from holiday, so a quick reply to this one.
> > Let us think a bit about that. Do we even want to store the shares > > in the HSM? What would be the benefits? Security/performance? > > I imagine a system where I take my input and give it to the HSM. It > would then secret share the input using its own secure randomness and > encrypt each share using the recepients public key. The encrypted > shares are then output form the HSM and sent over the network. [snip] > Ah, okay -- I only read some of the IBM pages which described the 4758 > unit as a something close to a general purpose computer: > > The IBM 4758 PCI Cryptographic Coprocessor encapsulates a 486-class > processing subsystem within a tamper-sensing and tamper-responding > environment where you can run security-sensitive processes. [...] > > (http://www.ibm.com/security/cryptocards/pcicc/overview.shtml) I have talked to IBM, and we are currently waiting for a license for the tool required to load application code into the IBM 4758 cards. We should get such a license at the beginning of august. The code is just basic C-code, so we can start writing the applications right now. The RSA encryption is available i the box, so it is just the secret share code that we need for now. > Also, as Ivan notes, the IBM 4758 will work well as a tool for keeping > shares secure when stored on disk waiting to be processed -- which is > another problem we have talked about... If we let the 4758 do all the secret sharing, it can keep the shares stored encrypted on disk, using an internal 3DES key, and the encryption of the shares would then be an internal part of the secret share mechanism in the 4758. Kind regards Brian Graversen _______________________________________________ viff-devel mailing list (http://viff.dk/) [email protected] http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
