On Fri, Sep 28, 2012 at 8:13 AM, ianG wrote:
> Thanks for that - for a security risk analysis I did last year, I've added
> it to a small history of attacks and similar events against PKI:
> http://wiki.cacert.org/Risk/History
You also have http://www.mozilla.org/security/announce/2006/mfsa2006-60
ianG writes:
>from a risk analysis view, the sensible thing to do is to attack the
>bureaucracy not the HSM. The problem with attacking the HSM is that it
>becomes obvious, a property sometimes known as tamper-evidence. Either by
>stealing it or accessing it (I speculate the exploit pointed at b
On 29/09/12 08:48 AM, coderman wrote:
On Fri, Sep 28, 2012 at 5:13 AM, ianG wrote:
... a small history of attacks and similar events against PKI:
http://wiki.cacert.org/Risk/History
i'm curious to know if there are documented instances of HSM protected
private keys stolen via exploit against
coderman writes:
>i'm curious to know if there are documented instances of HSM protected
>private keys stolen via exploit against HSM firmware.
www.cl.cam.ac.uk/~mkb23/research/Chrysalis.pdf
Peter.
___
cryptography mailing list
cryptography@randombi
On Fri, Sep 28, 2012 at 5:13 AM, ianG wrote:
> ... a small history of attacks and similar events against PKI:
> http://wiki.cacert.org/Risk/History
i'm curious to know if there are documented instances of HSM protected
private keys stolen via exploit against HSM firmware.
there are a few fun vul
Thanks for that - for a security risk analysis I did last year, I've
added it to a small history of attacks and similar events against PKI:
http://wiki.cacert.org/Risk/History
iang
Ob-crypto: for serious crypto work, we are informed variously by a
business, risk and threat model. One element