@benjojo that one is hacked

@benjojo is the PayShield 9000 (that god awful incredibly slow incredibly expensive HSM that Thales used to sell on the basis that it was the last thing with a FIPS 140-2 certification covering triple-DES to the poor souls who’s compliance department required that) the satanic priest at the confession booth?

@benjojo Now I want a HSM. Do you see what you did to me?

@benjojo @hisold no you dont lol

@benjojo I've spent time living in everything but the "content neutral" column.

@benjojo love this

@benjojo
Okay but hear me out.

DNS is a HSM.

@benjojo @Foxboron less shocking than chrome pm

@f4grx @benjojo @Foxboron I need some form of modifier for the number of yubikeys.....

@benjojo Please infodump at me about what HSMs are

@zaire @benjojo A HSM in the high-level sense is a networked computer built on top of well-tested lab certified hardware, with a security-focused OS. They have limited access via some interface that is controlled by internal rules.

They are designed to hide and protect cryptographic material. Generally they will also have anti-tamper markings or anti-tamper mechanisms which may even destroy the cryptographic material if tampering is detected.

They are used in a manner of things. e-Passport security use HSMs in the gates which prevents anyone (including the operator) from tampering with it. Companies usually store signing keys in HSMs. HSMs secure smart metering systems. They secure mobile money payments. Pin issuing for payment cards is done by HSMs.

Around Europe, around 6000km of roads have a "cooperative intelligent transport system" for linking "vehicles, road users, service providers, and road operators" which also uses HSMs in some manner.

Some rail systems (five last I checked) use HSMs for signalling.

HSMs also fulfill many roles in airlines.

@benjojo @zaire sometimes we have sensitive cryptographic keys and we worry the computer can be hacked and the keys could get stolen. So an HSM is a magic box that you can put the keys in to keep them safe and secure, except it's actually just another computer that we've convinced ourselves can never be hacked, unlike other computers which sometimes can.

Also, now that the keys are secure, you need to authenticate yourself to the HSM to use them, and you do this by using another key that you store outside the HSM. Unless you can get another HSM to store that key in. It's HSMs all the way down, essentially

@benjojo it hurts

@benjojo The scary old box: The last person who knew how it worked left the company during a "restructuring" round a couple of years ago, there's no documentation for it, and somehow it still needs diskettes which nobody can find.

@RandamuMaki @benjojo
And the post-it with "do NOT switch off" and the pw on the back fell off.
We're fucked....

@benjojo @rysiek

Why does this chart make me think of the German #beA, part of electronic judicial/legal document exchange? I wonder... 😂

Warum muss ich bei dem Chart bloß an das deutsche #beA denken, Teil des elektronischen Rechtsverkehrs? Ich weiß es nicht... 😂

#ERV #HSM

@benjojo Sorry, can't find where to place my notebook with handwritten cryptographic keys that I stash under my pillow on the graph. I'll just assume it goes into the top left spot, right?

@benjojo brilliant