[149133] in cryptography@c2.net mail archive
Re: [Cryptography] HSM's
daemon@ATHENA.MIT.EDU (John Kelsey)
Mon Jan 20 12:29:57 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <52DC2C50.3020606@connotech.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Mon, 20 Jan 2014 12:24:17 -0500
To: Thierry Moreau <thierry.moreau@connotech.com>
Cc: Jerry Leichter <leichter@lrw.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Bill Frantz <frantz@pwpconsult.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
> On Jan 19, 2014, at 2:49 PM, Thierry Moreau <thierry.moreau@connotech.com> wrote:
>
...
> A final note: Anyone aware of an HSM vendor that did not follow NIST advice in their engineering? Maybe the HSM concept is just dead after the Snowden revelations.
I'm sure you can find some HSM out there that uses single-DES or a homegrown cipher instead of AES, MD5 instead of SHA1 or SHA2, 768-bit RSA keys, etc. So, yeah, I'm sure you can find someone who will sell you an HSM that ignores NIST recommendations.
> - Thierry Moreau
--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
