[Cryptech Tech] Key extraction compromise in Safenet HSM
Róbert Kisteleki
kistel at gmail.com
Sun Aug 16 12:14:50 UTC 2015
Interesting work.
While having a chat with Rob in Prague, the question of whether PKCS11
support is needed or not came up. I'm not fully convinced that the HSM
itself must support it. A viable alternative would be to use a
different API [*] for the actual interface to the HSM, in order to
keep the communication protocol as simple and specific as possible
(PKCS11 is anything but simple... as the example shows). This could be
the preferred way to interact with the HSM, while for legacy
applications one could supply a PKCS11-to-something interface library
instead.
[*] I'm sure it'd be possible to pick such an alternative
Robert
On Sat, Aug 15, 2015 at 2:05 PM, Jacob <jacob at edamaker.com> wrote:
> Key exploitation due to some particular usage scenario in PKCS#11.
>
> https://randomoracle.wordpress.com/2015/08/13/safenet-hsm-key-extraction-vulnerability-part-i/
>
>
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech
More information about the Tech
mailing list