科技回声

15 条评论

benevol超过 7 年前

How useful are such measures when Intel has backdoored each and everyone of their CPUs with its "Intel Management Engine" [0] (and AMD has a similar mechanism)?If Intel/AMD have a backdoor into every PC and server, then so does the US gov't (NSA, CIA, FBI, etc.) and of course other uninvited hackers from even hostile countries.And how did Western society just accept all of this anti-democratic craziness?[0] <a href="https://libreboot.org/faq.html#intel" rel="nofollow">https://libreboot.org/faq.html#intel</a>

评论 #15609868 未加载

评论 #15609655 未加载

评论 #15608956 未加载

评论 #15609417 未加载

评论 #15610558 未加载

评论 #15609055 未加载

评论 #15609209 未加载

评论 #15609084 未加载

confounded超过 7 年前

What's the advantage of this over the ~$100 open source NitroKey HSM?<a href="https://www.nitrokey.com/files/doc/Nitrokey_HSM_English.pdf" rel="nofollow">https://www.nitrokey.com/files/doc/Nitrokey_HSM_English.pdf</a>

评论 #15608030 未加载

评论 #15608034 未加载

unwind超过 7 年前

No mention of the actual hardware (processor) they've used. I guess the bill of materials would be funny (although of course I realize that the value is in their expertise and software etc).The performance specs [1] say "HMAC-SHA-(1|256): ~4ms avg" which I guess is for 256 bits [2], compared to [3] which list a 6th gen Skylake 3.1 GHz doing it at 535 MB/s.[1]: <a href="https://www.yubico.com/products/yubihsm/" rel="nofollow">https://www.yubico.com/products/yubihsm/</a>[2]: But I have no idea, perhaps this is a stupid interpretation, in which case I'll turn around and blame them for being unclear.[3]: <a href="https://www.cryptopp.com/benchmarks.html" rel="nofollow">https://www.cryptopp.com/benchmarks.html</a>

Shtirlic超过 7 年前

I must add this post <a href="https://plus.google.com/+gregkroahhartman/posts/WK6ZLEhfQo5" rel="nofollow">https://plus.google.com/+gregkroahhartman/posts/WK6ZLEhfQo5</a> Is it open source? "Yubico has replaced all open-source components that made yubikey NEOs so awesome with proprietary closed-source code in Yubikey 4s"

lisper超过 7 年前

An even lower cost (and open-source) alternative:<a href="https://sc4.us/hsm" rel="nofollow">https://sc4.us/hsm</a>The SC4-HSM also includes dedicated I/O (a display and two buttons) which makes it more secure than the Yubikey.Disclosure: this is my product.

评论 #15612795 未加载

synicalx超过 7 年前

Never really touched one of these HSMs before, what happens if you're using one in production and it dies?

评论 #15611501 未加载

评论 #15608295 未加载

davidpelaez超过 7 年前

This is amazing and literally filling a void for companies aware of the benefits but lacking the budget. There's one last barrier though: how to use this in the cloud? A partnership with AWS to have this as a service would be amazing because their HSM offering is not affordable and also because for many compliance reasons companies use AWS (PCI DSS for example) and there would be no way to include HSM 2 there. Let's hope this happens!

hdhzy超过 7 年前

I hope te EdDSA curve 25519 support in YubiHSM2 means we'll see the curve also in Yubikeys (e.g. OpenPGP applet). Currently Yubico's OpenPGP supports only RSA but there are already tokens supporting this modern crypto [0].[0]: <a href="https://debconf17.debconf.org/talks/162/" rel="nofollow">https://debconf17.debconf.org/talks/162/</a>

评论 #15611473 未加载

wav-part超过 7 年前

How can HSMs be considered MITM-proof if does not have dedicated input system (touchscreen/keyboard) ?

评论 #15609524 未加载

评论 #15609953 未加载

gumby超过 7 年前

Think there's a chance we could get a Type C key someday that's as small as that (well, literally smaller, but I'm thinking something not much larger than the shell that will stick out of my machine about as much as that Type A one does.

评论 #15608401 未加载

评论 #15608410 未加载

babar超过 7 年前

How much of a market is there for HSMs that are not FIPS 140-2 certified?

评论 #15608240 未加载

评论 #15608089 未加载

评论 #15608331 未加载

评论 #15611984 未加载

xelxebar超过 7 年前

I know very little about hardware security. What are some of the issues that HSMs address that make R&D so challenging?

评论 #15611497 未加载

nikolay超过 7 年前

$650 is cheap?

评论 #15607996 未加载

评论 #15608153 未加载

评论 #15610410 未加载

yosito超过 7 年前

I bought a Yubico key once. The thing was so cheap that between the time I set it up and the first time I actually had to use it, it had disintegrated just from sitting in my pocket every day on my keychain. The plastic was brittle and fell apart piece by piece until eventually the electronics fell apart too.

评论 #15610409 未加载

xchaotic超过 7 年前

More generally why is this not $3. Can we get a Kickstarter for this please?

评论 #15609236 未加载

评论 #15608669 未加载

15 条评论

benevol超过 7 年前

评论 #15609868 未加载

评论 #15609655 未加载

评论 #15608956 未加载

评论 #15609417 未加载

评论 #15610558 未加载

评论 #15609055 未加载

评论 #15609209 未加载

评论 #15609084 未加载

confounded超过 7 年前

评论 #15608030 未加载

评论 #15608034 未加载

unwind超过 7 年前

Shtirlic超过 7 年前

lisper超过 7 年前

评论 #15612795 未加载

synicalx超过 7 年前

Never really touched one of these HSMs before, what happens if you're using one in production and it dies?

评论 #15611501 未加载

评论 #15608295 未加载

davidpelaez超过 7 年前

hdhzy超过 7 年前

评论 #15611473 未加载

wav-part超过 7 年前

How can HSMs be considered MITM-proof if does not have dedicated input system (touchscreen/keyboard) ?

评论 #15609524 未加载

评论 #15609953 未加载

gumby超过 7 年前

评论 #15608401 未加载

评论 #15608410 未加载

babar超过 7 年前

How much of a market is there for HSMs that are not FIPS 140-2 certified?

评论 #15608240 未加载

评论 #15608089 未加载

评论 #15608331 未加载

评论 #15611984 未加载

xelxebar超过 7 年前

I know very little about hardware security. What are some of the issues that HSMs address that make R&D so challenging?

评论 #15611497 未加载

nikolay超过 7 年前

$650 is cheap?

评论 #15607996 未加载

评论 #15608153 未加载

评论 #15610410 未加载

yosito超过 7 年前

评论 #15610409 未加载

xchaotic超过 7 年前

More generally why is this not $3. Can we get a Kickstarter for this please?

评论 #15609236 未加载

评论 #15608669 未加载

Yubico announces tiny, cheap YubiHSM 2

15 条评论

Yubico announces tiny, cheap YubiHSM 2

15 条评论