[Cryptech Tech] Key extraction compromise in Safenet HSM

Róbert Kisteleki kistel at gmail.com
Sun Aug 16 12:14:50 UTC 2015


Interesting work.

While having a chat with Rob in Prague, the question of whether PKCS11
support is needed or not came up. I'm not fully convinced that the HSM
itself must support it. A viable alternative would be to use a
different API [*] for the actual interface to the HSM, in order to
keep the communication protocol as simple and specific as possible
(PKCS11 is anything but simple... as the example shows). This could be
the preferred way to interact with the HSM, while for legacy
applications one could supply a PKCS11-to-something interface library
instead.

[*] I'm sure it'd be possible to pick such an alternative

Robert


On Sat, Aug 15, 2015 at 2:05 PM, Jacob <jacob at edamaker.com> wrote:
> Key exploitation due to some particular usage scenario in PKCS#11.
>
> https://randomoracle.wordpress.com/2015/08/13/safenet-hsm-key-extraction-vulnerability-part-i/
>
>

