[144673] in cryptography@c2.net mail archive
Re: Unattended reboots (was Re: The clouds are not random enough)
daemon@ATHENA.MIT.EDU (Richard Salz)
Mon Aug  3 16:52:23 2009
In-Reply-To: <4A761A9D.6080106@strongauth.com>
To: Arshad Noor <arshad.noor@strongauth.com>
Cc: Cryptography <cryptography@metzdowd.com>
From: Richard Salz <rsalz@us.ibm.com>
Date: Sun, 2 Aug 2009 23:00:46 -0400
> in order for the application to have access to the keys in
> the crypto hardware upon an unattended reboot, the PINs to the hardware
> must be accessible to the application.
The cards that I know about work differently -- you configure them to 
allow unattended reboot, and then no PIN is involved.  This is a little 
more secure, in that it requires a conscious decision to do this, as 
opposed to sticking the PIN somewhere on the filesystem.
        /r$
--
STSM, DataPower CTO
WebSphere Appliance Architect
http://www.ibm.com/software/integration/datapower/
---------------------------------------------------------------------
The Cryptography Mailing List