Talk:Hardware security module
|WikiProject Computer Security / Computing||(Rated Start-class, Mid-importance)|
Removing Advert flag from ?
I'll aim to update the section and pull the advert this weekend otherwise.
- I had a quick skim through the history and I'm not sure that anything's changed since I added the flag. There a few phrases of concern peppered throughout the article. In that section the portion of particular concern is:
- In this environment, SSL Acceleration HSMs may be employed. Typical performance numbers for these applications range from 50 to 1,000 1024-bit RSA signs/second, although some devices can reach numbers as high as +7,000 operations per second.
- This statement is based upon many assumptions and suggests some kind of absolute. It looks like it has been planted based upon commercial HSM vendor statistics - possibly for sales purposes - and is not independently verifiable. That said, in my view much of the article leans this way.
Hardware Acceleration section dated?
I think perhaps the Hardware Acceleration section is dated at this point. In some cases a modern host processor is now faster than the embedded system chip in the HSM. For instance, nCipher no longer makes claims of acceleration on much of its hardware line (a new-ish laptop can keep up with their '4000' systems in digest calculation, for instance)
HSM same as Secure Cryptoprocessor?
- I was suggesting exact same thing in secure cryptoprocessor discussion. KnowS (talk) 16:21, 23 September 2008 (UTC)
Changes by 188.8.131.52
Comparison table is outright vandalism/advertising. Other changes are of questionable quality. Who agrees with me that we need to reorganize table and perhaps revisit other edits? "HSM Main Uses" is a good start, can use some clarification (i.e. link & explain CA (Certificate Authority)).
"The goals of an HSM are the: (a) secure generation, (b) secure storage, (c) and use of cryptographic and sensitive data material. HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries."
Needs clarification. "Use of cryptographic and sensitive data" is too generic.
Devices with no physical security usually are called Host Security Modules in opposition to Hardware Security Modules.
Table is too large, right now a lot of columns are of questionable value. I suggest getting rid of following...
Vendor Country ICP-Brasil ITI MCT-7 Sec. Level Authentication Connectivity Requires Client License Price range ($ = 10K)
Performance, tables, and other information
I think performance figures are quite outdated... better update...
Regarding the table, however I feel that there should be a comparison table somewhere in Wikipedia as it is quite difficult to find good information about these devices. Perhaps is table should be placed on a new wiki page.
In matter of fact, I think that there should be 3 tables, maybe based on given device main use... there is no point comparing SSL acceleration devices to PKI devices. Splitting the table would make the resulting tables with less columns and much more readable.
I'm under the impression that having two huge images of FutureX products constitutes advertising. I would much prefer to see normal-sized images of major vendor HSMs.
Tamper Proof / FIPS
This article does not discuss tamper resistant properties of HSMs and the FIPS hardware standards. A lot of embedded systems are now using HSMs to protect keys used to encrypt protected assets such as DRM in purchased media. IMO, this is what distinguishes an HSM from a "secure cryptoprocessor". —Preceding unsigned comment added by 184.108.40.206 (talk) 15:26, 4 January 2011 (UTC)