Posted Sep 24, 2012 1:04 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
In reply to: LSS: Secure Boot by nix
Parent article: LSS: Secure Boot
All large companies use HSMs (Hardware Security Modules) to sign keys. They are guaranteed to be unhackable in _practice_, and that guarantee is backed by a very large sum that the manufacturer would pay you in case of a breach.
Posted Sep 24, 2012 8:42 UTC (Mon) by nix (subscriber, #2304)
So... if MS's key gets compromised and a huge proportion of the world's machines are rendered unbootable... MS gets compensation? That's reassuring.
Posted Sep 24, 2012 18:24 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
Well, the world's root DNS zone is also signed by a key in an HSM.
Posted Sep 25, 2012 8:20 UTC (Tue) by alonz (subscriber, #815)
Yeah, that sure is reassuring. </sarcasm>
Have you, perhaps, seen this? Or this (as applied to HSMs, considering the incompetence apparent from the first link)? I don't think HSMs are as magic as people expect them to be…
Posted Sep 25, 2012 8:29 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
Naw, HSMs are protected against trivial attacks like this. I know for a fact that a certain large HSM from a company whose name begins with "T" has an intermediary buffer that holds data after the encryption for a random (and quite significant) amount of time before transmitting it to the client.