[144674] in cryptography@c2.net mail archive
Re: Unattended reboots (was Re: The clouds are not random enough)
daemon@ATHENA.MIT.EDU (Arshad Noor)
Mon Aug 3 16:54:26 2009
Date: Sun, 02 Aug 2009 22:25:04 -0700
From: Arshad Noor <arshad.noor@strongauth.com>
To: Richard Salz <rsalz@us.ibm.com>
CC: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <OFCE5C93C2.921BB280-ON85257607.001056EC-85257607.00108B04@us.ibm.com>
Richard Salz wrote:
>
> The cards that I know about work differently -- you configure them to
> allow unattended reboot, and then no PIN is involved. This is a little
> more secure, in that it requires a conscious decision to do this, as
> opposed to sticking the PIN somewhere on the filesystem.
>
I'm not sure I'm following, Richard.

All the HSMs I've worked with start their system daemons automatically;
but the applications using them must still authenticate themselves to
the HSM before keys can be used. How do the cards you've worked with
authenticate the application if no PINs are involved?

Arshad Noor
StrongAuth, Inc.