As @rossjanderson and his colleagues have shown, HSMs aren't nearly as secure as they should be, either.
Yes but HSMs don’t have one billion deployed instances either, and the largest company in the history of the world throwing resources at them.
I guess my point here is that if Apple can’t make this work, then the HSM concept is fundamentally broken.
"we can't do perfect, it's fundamentally broken"?
The HSM has one job, which is to keep sophisticated attackers from bypassing the core protections offered by the HSM, and packaging that bypass into a commodity.
But more fundamentally, it’s based on the idea that somehow if we make the interface small enough, we can reduce attack surface to zero. This seems like a high-profile failure of that idea.
Maybe building a defect-free HSM in a consumer device is viable but just extraordinarily expensive. The space shuttle avionics were possibly bug free at the price of a ludicrous level of code review and quality control.
Finite code contains finite bugs
The possible interactions when dropped into the real world can become infinite quickly.
Also finite!