Technically no, although it depends on what you mean by "secure". Usually, when using an HSM for a CA, we mean: the CA private key (usually RSA) is generated, stored and used within the HSM, and the HSM will commit honourable suicide rather than letting that key ever exit its entrails. Up to the tamper-resistance of the HSM and how bug-free its firmware is, this ensures that even if the host machine is fully hijacked by an attacker and/or the attacker has physical access to the CA machine, the attacker will not obtain a copy of the private key. YubiHSM does not do RSA or DSA or any other algorithm relevant to asymmetric cryptography. At best he will be able to use the HSM to generate arbitrary signatures, but if the HSM is physically recovered then the attacker can no longer use the private key.

I got this and a cheapo but well-functioning basic key for ten bucks. Note you should have 2 keys for backup, but they don't have to be the same, nor do you need two of these 5 series Yubico keys. So if the Yubico breaks, I can use the cheapo backup until I receive the replacement Yubico key. The key I got was on a firmware from about a year ago and is missing a few profiles added to some security protocols I don't use. But they can't be updated in the field due to security issues. This key, like others you'll find for sale away from the manufacturer, may have older key firmware with a bug or improperly implemented feature. Yubico, a company that drives the above standards, extends those to additional protocols with a Yubico Authenticator app that works in conjunction with the key. FIDO, FIDO2 and U2F are pretty well covered. Other than standard two-factor logins with a key, I won't explain what it does; I presume folks know it's for higher login/data access above and beyond passwords. Good key, buy them on eBay to save $ but be advised.