[149141] in cryptography@c2.net mail archive
Re: [Cryptography] HSM's
daemon@ATHENA.MIT.EDU (Thierry Moreau)
Mon Jan 20 14:19:04 2014
X-Original-To: cryptography@metzdowd.com
Date: Mon, 20 Jan 2014 13:42:54 -0500
From: Thierry Moreau <thierry.moreau@connotech.com>
To: John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <9486EB4A-BDEA-4FF4-81CE-00F43E59B56D@gmail.com>
Cc: Jerry Leichter <leichter@lrw.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Bill Frantz <frantz@pwpconsult.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
John Kelsey wrote:
>> On Jan 19, 2014, at 2:49 PM, Thierry Moreau <thierry.moreau@connotech.com> wrote:
>>
> ...
>> A final note: Anyone aware of an HSM vendor that did not follow NIST advice in their engineering? Maybe the HSM concept is just dead after the Snowden revelations.
>
> I'm sure you can find some HSM out there that uses single-DES or a homegrown cipher instead of AES, MD5 instead of SHA1 or SHA2, 768-bit RSA keys, etc. So, yeah, I'm sure you can find someone who will sell you an HSM that ignores NIST recommendations.
>
Good joke!

"Industry best practice" suffices for avoiding known weak algorithms and
crypto parameter sizes, given a knowledgeable customer organization.

Also thanks for pointing to the vagueness of my previous post. Let me
attempt to clarify.

NIST-independent HSMs could aim at certification per
CEN WORKSHOP AGREEMENT, "Security Requirements for Trustworthy Systems
Managing Certificates for Electronic Signatures - Part 1: System
Security Requirements" CWA 14167-1, June 2003 (and other parts and
related documents).

My original question hinted at a very very small market for this idea of
a NIST-independent HSM.

NIST-independent HSM designed and built at arm's length with the US
jurisdiction might be less subject to NSA backdoors. Obviously I'm just
speculating with these words but you might see my point.

Regards,

- Thierry Moreau