If Intel/AMD have a backdoor into every PC and server, then so does the US gov't (NSA, CIA, FBI, etc.) and of course other uninvited hackers from even hostile countries.
And how did Western society just accept all of this anti-democratic craziness?
If you trust this YubiHSM but not Intel CPUs, then it is very useful since encryption/decryption occurs on the YubiHSM, not the connected CPU. Just plug it into a computer with a CPU you do trust first to get the official public key(s) for future verifications!
If you don't trust this YubiHSM because of the example of Intel CPUs, then please share at what point you do trust third party hardware, so we can discuss how to get to useful encryption from there.
Would you only trust RAM you wire-wrapped yourself?
Would you only trust a motherboard you built from 7400 series logic gates, each of which you personally verified using X-rays?
The line has to be drawn somewhere, but without knowing where you want to do so your comment serves mostly to hijack discussion (which is fine).
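The "get the official public key(s) on a computer you trust first, then verify everything later against that copy" step above, as an added example that is not part of the thread or of Yubico's software. The `Device` type here is an assumption standing in for an HSM (its private key never leaves it), the Ed25519 key pair and the messages are constructed for the example, and the check is plain trust-on-first-use pinning, not the YubiHSM 2 attestation format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device stands in for the HSM (an assumption of this example, not the
// YubiHSM API): it holds a signing key that never leaves it and answers
// with its public key and signatures.
type Device struct{ priv ed25519.PrivateKey }

// NewDevice generates the device's key pair, as the HSM would do internally.
func NewDevice() (*Device, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKey is what the device reports over the USB channel.
func (d *Device) PublicKey() ed25519.PublicKey {
	return d.priv.Public().(ed25519.PublicKey)
}

// Sign returns the device's signature over msg.
func (d *Device) Sign(msg []byte) []byte { return ed25519.Sign(d.priv, msg) }

// Pin is the public key recorded once, on a host you trust. Everything
// later is checked against this copy, never against what the channel says.
type Pin struct{ pub ed25519.PublicKey }

// PinFromTrustedHost is the "plug it into a computer you trust first" step.
func PinFromTrustedHost(d *Device) Pin {
	return Pin{pub: append(ed25519.PublicKey(nil), d.PublicKey()...)}
}

// Verify checks a later response. A substituted device (or a host lying
// about the key) is rejected even if its signature is internally valid.
func (p Pin) Verify(presentedPub ed25519.PublicKey, msg, sig []byte) error {
	if !bytes.Equal(presentedPub, p.pub) {
		return errors.New("presented public key differs from pinned key")
	}
	if !ed25519.Verify(p.pub, msg, sig) {
		return errors.New("signature does not verify under pinned key")
	}
	return nil
}

func main() {
	genuine, _ := NewDevice()
	pin := PinFromTrustedHost(genuine) // done once, on the trusted machine

	msg := []byte("ok to release backup key 42") // constructed sample message
	fmt.Println("genuine device:", pin.Verify(genuine.PublicKey(), msg, genuine.Sign(msg)))

	// Later, on an untrusted host, an attacker swaps in their own device.
	imposter, _ := NewDevice()
	fmt.Println("imposter device:", pin.Verify(imposter.PublicKey(), msg, imposter.Sign(msg)))
}
```

The point of comparing against the pinned copy rather than the key the channel presents is that a compromised host or a swapped device can produce a perfectly valid signature under its own key; only the out-of-band pin tells the two apart.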
An HSM does make attacks more difficult, and that is important. On the other hand, computers without backdoors would be _the_ significant step to change the game.
I fundamentally dislike Intel and AMD for their stance on this. And I'm not alone.
Western societies, so as not to upset the guise of freedom and personal rights to privacy, do so in secret, but it's not exclusive to them. China publicly mandates government backdoors into their equipment too.
However that is no reason not to use good security otherwise.
> And how did Western society just accept all of this anti-democratic craziness?
Because people buy it voluntarily.
EDIT: On further thought, the small form factor would be good for physical verification. I could get a good, high-quality server, plug this into the front USB port, and then use some sort of transparent epoxy to seal it in. Having it on the front of the server would make it easy to quickly confirm that it's in place (instead of hunting around the back of the server), and it would be small enough to seal into the USB port.
The performance specs [1] say "HMAC-SHA-(1|256): ~4ms avg" which I guess is for 256 bits [2], compared to [3] which lists a 6th gen Skylake 3.1 GHz doing it at 535 MB/s.
[1]: https://www.yubico.com/products/yubihsm/
[2]: But I have no idea, perhaps this is a stupid interpretation, in which case I'll turn around and blame them for being unclear.
The SC4-HSM also includes dedicated I/O (a display and two buttons) which makes it more secure than the Yubikey.
Disclosure: this is my product.
>mdewinter(2016Jul): They [undisclosed HSM vendor] did, with undocumented commands, export the key from the device in an unencrypted format and loaded it into the other model so that we could continue our operation.
(The first comment I ever favorited on HN.)
I looked briefly but can anyone link to where to buy one? Thanks in advance (either way: "buy" link or no) for the info.
[0]: https://github.com/RaymiiOrg/gnuk/blob/master/README
[1]: http://www.fsij.org/gnuk/howto-make-gnuk-usb-token-by-stm32-...
Even most 'dedicated' systems do NOT have a direct link to the input terminals most of the time, since they are simple USB keypads. Some smartcard readers for PC have pin-pads, but this is rarely the case and they are way more expensive than a keyboard and a regular reader. The normal way is to process transaction data through the HSM, and onto the terminal, after which the user has to see/check (on the terminal) if the data is correct. This is how the better (not best) bank-transaction verifiers work. A secure connection to the pinpad/terminal has been and can be set up (either in advance, via a pre-known mechanism, or ad hoc), but there are some attack vectors there as well.
HSMs are not "MITM proof", the system at large has to be. Using an HSM does not give you MITM-proofness, but makes sure the old-fashioned 'steal the private key and act like nothing happened' won't happen. Stupid design choices or even a simple "call them and ask for a new intermediary certificate" sometimes cause more harm. Your CA root/CSP keys are safe but you are still screwed. Unless you steal the USB drive of course. There are still other ways to do a MITM though.
The main advantage for small and medium businesses is that they won't have to buy hugely expensive Ethernet/PCIe HSMs from the known companies, which are hugely overpriced (I have several on my desk and they range from 1-2K to 10K+, which are the cheap ones). It also helps with some legal compliance if Yubico can get it FIPS 140-2 approved (which I doubt).
Considering they made it small, I guess they need to provide some form of duplication/backup since people are going to lose them.
> Most companies consider MITM an external compromise since the malicious actor is not on the machine itself or has no-longer access to the machine(s).
Securing HSM+laptop is impossible compared to an HSM. If the laptop is secure, why even need an HSM?
> Even most 'dedicated' systems do NOT have a direct link to the input terminals most of the times since they are simple usb keypads. Some smartcard readers for PC have pin-pads but this is rarely the case and they are way more expensive than a keyboard and a regular reader.
If the USB keypad is not connected to a network and not attacked by an evil maid, HSM+USB keypad is still secure. But a laptop is a complex system, always connected to the internet, and has loosely regulated physical access.
> HSMs are not "MITM proof", the system at-large has to be.
Again, if the whole system is secure, why need an HSM?
If the user satisfies a few conditions of using an HSM, such as being rubber-hose-attack proof, the secrets MUST be secure regardless of how insecure the larger system is.
This can be done using some ultra-slow homebrew whatever-level-you're-willing-to-trust custom hardware is necessary to satisfy the associated degree of paranoia.
Any user customization to HSM should be considered unsafe. The new system would be expensive and "brittle".
Yubico has a Type C Yubikey called the 4C Nano https://www.yubico.com/product/yubikey-4-series/#yubikey-4c-... if you're just looking for keys.
Though I can't see why you'd be so interested in a tiny HSM, could you tell me your use case?
(Disclosure: I once took a hardware product through the FIPS process)
https://en.wikipedia.org/wiki/FIPS_140-2#Security_levels
It's a subsection of the larger FIPS 140.
Tamper resistance/tamper evidence (and not being able to simply pop the HSM in your pocket while walking by) are important considerations around physical security.
These look great for home or SMB use, but wouldn't work in PCI-DSS or Classified environments.
https://www.yubico.com/support/knowledge-base/categories/art...
Presumably, the original YubiHSM sold well enough to justify the R&D to make the YubiHSM 2, even one that's not FIPS 140-2!
I've worked on several FIPS projects, and there's not a big demand for FIPS 140-2 unless the customer is handling government contracts and/or data. It's a good checkmark to have though.
This HSM has limited key storage capabilities to a hundred or so security objects.
The "pizza box vendors" store hundreds to thousands of keys.
We typically employ key wrapping to reduce HSM key storage requirements, but only in certain situations.
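Key wrapping as described in the comment above (one key-encryption key occupies the HSM slot; each wrapped key becomes an opaque blob that can sit in a database), as an added example that is not part of the thread or of any vendor's code. This is RFC 3394 AES Key Wrap written from the RFC with Go's standard library; the KEK and first key are the RFC's own section 4.1 test vector, and the "store" map, the key names and the second data key are constructed for the example. Real HSMs do the wrap inside the device so the KEK never reaches host memory; here everything runs on the host purely to show the mechanism and the integrity check that rejects a wrong KEK or a modified blob.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// RFC 3394 AES Key Wrap. Only the KEK needs an HSM slot; every wrapped key
// is an opaque blob that can live in a database or file.
const kwIV uint64 = 0xA6A6A6A6A6A6A6A6

// Wrap encrypts key data (a multiple of 8 bytes, at least 16) under kek.
func Wrap(kek, plaintext []byte) ([]byte, error) {
	if len(plaintext) < 16 || len(plaintext)%8 != 0 {
		return nil, errors.New("key data must be >= 16 bytes and a multiple of 8")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plaintext) / 8
	out := make([]byte, 8+len(plaintext)) // out[0:8] = A, out[8:] = R[1..n]
	binary.BigEndian.PutUint64(out[:8], kwIV)
	copy(out[8:], plaintext)
	buf := make([]byte, 16)
	for j := 0; j <= 5; j++ {
		for i := 0; i < n; i++ {
			ri := out[8+i*8 : 16+i*8]
			copy(buf[:8], out[:8])
			copy(buf[8:], ri)
			block.Encrypt(buf, buf) // B = AES(K, A | R[i])
			t := uint64(n*j + i + 1) // step counter t = (n*j)+i with 1-based i
			binary.BigEndian.PutUint64(out[:8], binary.BigEndian.Uint64(buf[:8])^t)
			copy(ri, buf[8:])
		}
	}
	return out, nil
}

// Unwrap reverses Wrap and fails closed unless the integrity check value
// matches, which catches a wrong KEK or a modified blob.
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped blob must be >= 24 bytes and a multiple of 8")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	work := append([]byte(nil), wrapped...) // work[0:8] = A, work[8:] = R[1..n]
	buf := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n - 1; i >= 0; i-- {
			ri := work[8+i*8 : 16+i*8]
			t := uint64(n*j + i + 1)
			binary.BigEndian.PutUint64(buf[:8], binary.BigEndian.Uint64(work[:8])^t)
			copy(buf[8:], ri)
			block.Decrypt(buf, buf) // B = AES^-1(K, (A ^ t) | R[i])
			copy(work[:8], buf[:8])
			copy(ri, buf[8:])
		}
	}
	var iv [8]byte
	binary.BigEndian.PutUint64(iv[:], kwIV)
	if subtle.ConstantTimeCompare(work[:8], iv[:]) != 1 {
		return nil, errors.New("integrity check failed: wrong KEK or tampered blob")
	}
	return work[8:], nil
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	// Test vector from RFC 3394 section 4.1 (128-bit key data, 128-bit KEK).
	kek := mustHex("000102030405060708090A0B0C0D0E0F")
	wrapped, _ := Wrap(kek, mustHex("00112233445566778899AABBCCDDEEFF"))
	fmt.Printf("wrapped: %X\n", wrapped) // 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5

	// Constructed "store": thousands of these blobs cost the HSM nothing.
	store := map[string][]byte{}
	for _, name := range []string{"db-key-1", "db-key-2"} {
		dataKey := mustHex("0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0")
		blob, _ := Wrap(kek, dataKey)
		store[name] = blob
	}
	plain, err := Unwrap(kek, store["db-key-1"])
	fmt.Printf("unwrapped db-key-1: %X err=%v\n", plain, err)

	store["db-key-2"][10] ^= 0x01 // flip one bit in storage
	_, err = Unwrap(kek, store["db-key-2"])
	fmt.Println("tampered db-key-2:", err)
}
```

Two caveats a practitioner would add: wrapping only moves the storage problem, so the blobs still need access control and backups (losing the KEK loses every key under it), and RFC 3394 binds nothing but the key bytes, so a blob can be silently swapped for another valid blob under the same KEK unless the store also records which key it belongs to.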
It was also featured on HN: https://news.ycombinator.com/item?id=12053181
If you--not "we"--want a Kickstarter for something like this, you should go try it. It's much, much more difficult than you think, even without FIPS compliance.