Talk:Hardware security module

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing  (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 

Removing Advert flag from ?[edit]

I'll aim to update the section and pull the advert this weekend otherwise.

TrivialJim (talk) 18:16, 26 June 2012 (UTC)

  • I had a quick skim through the history and I'm not sure that anything's changed since I added the flag. There a few phrases of concern peppered throughout the article. In that section the portion of particular concern is:
In this environment, SSL Acceleration HSMs may be employed. Typical[citation needed] performance numbers for these applications range from 50 to 1,000 1024-bit RSA signs/second, although some devices can reach numbers as high as +7,000 operations per second.
This statement is based upon many assumptions and suggests some kind of absolute. It looks like it has been planted based upon commercial HSM vendor statistics - possibly for sales purposes - and is not independently verifiable. That said, in my view much of the article leans this way.
prat (talk) 22:23, 26 June 2012 (UTC)

Hardware Acceleration section dated?[edit]

I think perhaps the Hardware Acceleration section is dated at this point. In some cases a modern host processor is now faster than the embedded system chip in the HSM. For instance, nCipher no longer makes claims of acceleration on much of its hardware line (a new-ish laptop can keep up with their '4000' systems in digest calculation, for instance)

Jdmarshall (talk) 20:34, 29 February 2008 (UTC)

HSM same as Secure Cryptoprocessor?[edit]

Are "Hardware Security Module" and "secure cryptoprocessor" two names for the same thing, and so should be merged? --68.0.124.33 (talk) 22:59, 5 September 2008 (UTC)

I was suggesting exact same thing in secure cryptoprocessor discussion. KnowS (talk) 16:21, 23 September 2008 (UTC)

Changes by 201.82.33.70[edit]

Comparison table is outright vandalism/advertising. Other changes are of questionable quality. Who agrees with me that we need to reorganize table and perhaps revisit other edits? "HSM Main Uses" is a good start, can use some clarification (i.e. link & explain CA (Certificate Authority)).

   "The goals of an HSM are the: (a) secure generation, (b) secure storage, (c) and use of cryptographic and sensitive data material. HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries."

Needs clarification. "Use of cryptographic and sensitive data" is too generic.

  Devices with no physical security usually are called Host Security Modules in opposition to Hardware Security Modules.

This is outright wrong. Host Security Module refers to Financial Transactions HSM, where HOST one of the key components in transaction processing.KnowS (talk) 16:55, 23 September 2008 (UTC)

Table is too large, right now a lot of columns are of questionable value. I suggest getting rid of following...

Vendor Country
ICP-Brasil ITI MCT-7 Sec. Level
Authentication
Connectivity
Requires Client License
Price range ($ = 10K)

... at the very least. Whole table is of questionable value. KnowS (talk) 19:54, 23 September 2008 (UTC)

Performance, tables, and other information[edit]

I think performance figures are quite outdated... better update...

Regarding the table, however I feel that there should be a comparison table somewhere in Wikipedia as it is quite difficult to find good information about these devices. Perhaps is table should be placed on a new wiki page.

In matter of fact, I think that there should be 3 tables, maybe based on given device main use... there is no point comparing SSL acceleration devices to PKI devices. Splitting the table would make the resulting tables with less columns and much more readable.

Robertogallo (talk) 19:39, 27 September 2008 (UTC)

HSM Vendors[edit]

I'm under the impression that having two huge images of FutureX products constitutes advertising. I would much prefer to see normal-sized images of major vendor HSMs.

Additionally links to HSM vendors can be added to the external links list, unless there are Wikipedia articles for the vendors. Nickntg (talk) 18:58, 30 June 2009 (UTC)

Tamper Proof / FIPS[edit]

This article does not discuss tamper resistant properties of HSMs and the FIPS hardware standards. A lot of embedded systems are now using HSMs to protect keys used to encrypt protected assets such as DRM in purchased media. IMO, this is what distinguishes an HSM from a "secure cryptoprocessor". —Preceding unsigned comment added by 208.71.237.254 (talk) 15:26, 4 January 2011 (UTC)