Tag Archives: hsm

AWS CloudHSM now supports FIPS 140-2 Level 3

AWS CloudHSM has rolled out some new features: "AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads". The notable one is that it has gone from supporting only Level 2 to supporting Level 3: More Secure – CloudHSM Classic (the original model) supports the generation and use of …


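How Etsy does business with Let's Encrypt SSL certificates...

Etsy's article "How Etsy Manages HTTPS and SSL Certificates for Custom Domains on Pattern" describes how they implemented Custom Domains with Let's Encrypt. The main reason is the auto-renew mechanism that Let's Encrypt was designed with from the start, which can handle the follow-up work fully automatically. This makes integrating with Let's Encrypt easier than integrating with other providers (and saves a lot of cost and contract issues that would otherwise have to be dealt with). The second half of the article discusses a different problem: when you have thousands of private keys (& certificates), how do you manage them so that all of these private keys are secure enough? It mentions that they plan to introduce HSMs in the future: One of …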


Apple plans to put the keys used for iCloud encryption on the client side

Following the recent fight between the FBI and Apple (FBI–Apple encryption dispute), Apple is planning to put the keys used for iCloud encryption on the user's device rather than on the server side: "Apple to Hand iCloud Encryption Key Management to Account Holders": In effect, Apple is following the lead of secure cloud services such as SpiderOak which has been offering …


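Amazon EC2's upcoming Dedicated Hosts

Amazon EC2 is scheduled to launch a new purchasing option: "Coming Soon – EC2 Dedicated Hosts". Dedicated Hosts are rented per whole host, which ensures that nobody else is using the physical machine and better meets security requirements. Taking c3.xlarge as the example here, you pay for eight instances at once: (the number "eight" here is not final; the real number will only be known once the official announcement goes live) Each host has room for a predefined number of instances of a particular type. For example, a specific host could have room for eight c3.xlarge instances (this …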


AWS's CloudHSM...

AWS has launched the CloudHSM service: "AWS CloudHSM - Secure Key Storage and Cryptographic Operations". It isn't cheap; it looks like it was set up for those who need NIST FIPS 140-2, I guess? It runs on Luna SA - Ethernet-Attached HSM, which can reach Level 3 security... And then there is the old problem that comes up with security, which is how to audit it: Amazon claims that they have no access to keys stored on #AWS #CloudHSM, …


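RSA SecurID 800 cracked...

The report "Scientists crack RSA SecurID 800 tokens, steal cryptographic keys" mentions that there is now a way to extract the secret key from an RSA SecurID 800, and that the method will be presented at CRYPTO 2012... (Taken from "RSA SecurID SID800 Authenticator Token") If an attacker can get physical access to the token and extract the secret key, he can prepare a new token (HSM, Hardware security module) and load the extracted secret key into it, and the original user is unlikely to notice... So besides providing one-time passwords, a hardware OTP system also needs the ability to block extraction from the hardware of the secret …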
