Talk:Hardware security module

Removing Advert flag from ?

I'll aim to update the section and pull the advert this weekend otherwise.

TrivialJim (talk) 18:16, 26 June 2012 (UTC)

• I had a quick skim through the history and I'm not sure that anything's changed since I added the flag. There a few phrases of concern peppered throughout the article. In that section the portion of particular concern is:

In this environment, SSL Acceleration HSMs may be employed. Typical[citation needed] performance numbers for these applications range from 50 to 1,000 1024-bit RSA signs/second, although some devices can reach numbers as high as +7,000 operations per second.

This statement is based upon many assumptions and suggests some kind of absolute. It looks like it has been planted based upon commercial HSM vendor statistics - possibly for sales purposes - and is not independently verifiable. That said, in my view much of the article leans this way.

prat (talk) 22:23, 26 June 2012 (UTC)

I'm inclined to think that the entire "History" section is one giant ad for Atalla & co. The word "Atalla" occurs 17 times on this page, and there's barely any mention of other players in the industry. I'm adding an {Advert} template until this is fixed, clarified, or has a few more neutral sources added.

82.25.151.250 (talk) 22:39, 16 November 2019 (UTC) Anonymous software dev, Edinburgh

Hardware Acceleration section dated?

I think perhaps the Hardware Acceleration section is dated at this point. In some cases a modern host processor is now faster than the embedded system chip in the HSM. For instance, nCipher no longer makes claims of acceleration on much of its hardware line (a new-ish laptop can keep up with their '4000' systems in digest calculation, for instance)

Jdmarshall (talk) 20:34, 29 February 2008 (UTC)

HSM same as Secure Cryptoprocessor?

Are "Hardware Security Module" and "secure cryptoprocessor" two names for the same thing, and so should be merged? --68.0.124.33 (talk) 22:59, 5 September 2008 (UTC)

I was suggesting exact same thing in secure cryptoprocessor discussion. KnowS (talk) 16:21, 23 September 2008 (UTC)

Changes by 201.82.33.70

Comparison table is outright vandalism/advertising. Other changes are of questionable quality. Who agrees with me that we need to reorganize table and perhaps revisit other edits? "HSM Main Uses" is a good start, can use some clarification (i.e. link & explain CA (Certificate Authority)).

   "The goals of an HSM are the: (a) secure generation, (b) secure storage, (c) and use of cryptographic and sensitive data material. HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries."

Needs clarification. "Use of cryptographic and sensitive data" is too generic.

  Devices with no physical security usually are called Host Security Modules in opposition to Hardware Security Modules.

This is outright wrong. Host Security Module refers to Financial Transactions HSM, where HOST one of the key components in transaction processing.KnowS (talk) 16:55, 23 September 2008 (UTC)

Table is too large, right now a lot of columns are of questionable value. I suggest getting rid of following...

Vendor Country
ICP-Brasil ITI MCT-7 Sec. Level
Authentication
Connectivity
Requires Client License
Price range ($ = 10K)

... at the very least. Whole table is of questionable value. KnowS (talk) 19:54, 23 September 2008 (UTC)

Performance, tables, and other information

I think performance figures are quite outdated... better update...

Regarding the table, however I feel that there should be a comparison table somewhere in Wikipedia as it is quite difficult to find good information about these devices. Perhaps is table should be placed on a new wiki page.

In matter of fact, I think that there should be 3 tables, maybe based on given device main use... there is no point comparing SSL acceleration devices to PKI devices. Splitting the table would make the resulting tables with less columns and much more readable.

Robertogallo (talk) 19:39, 27 September 2008 (UTC)

HSM Vendors

I'm under the impression that having two huge images of FutureX products constitutes advertising. I would much prefer to see normal-sized images of major vendor HSMs.

Additionally links to HSM vendors can be added to the external links list, unless there are Wikipedia articles for the vendors. Nickntg (talk) 18:58, 30 June 2009 (UTC)

Tamper Proof / FIPS

This article does not discuss tamper resistant properties of HSMs and the FIPS hardware standards. A lot of embedded systems are now using HSMs to protect keys used to encrypt protected assets such as DRM in purchased media. IMO, this is what distinguishes an HSM from a "secure cryptoprocessor". —Preceding unsigned comment added by 208.71.237.254 (talk) 15:26, 4 January 2011 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified one external link on Hardware security module. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20150526064340/https://www.paloaltonetworks.cn/documentation/pan-os/newfeaturesguide/section_2/chapter_1.html to https://www.paloaltonetworks.cn/documentation/pan-os/newfeaturesguide/section_2/chapter_1.html

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 04:49, 30 October 2017 (UTC)

TCP/IP model layers

In which layers does it work? Does it need to know where to deliever the data or is it just point to point so it doesn't read the data, just encrypt it. Galzigler (talk) 12:40, 25 February 2018 (UTC)

Various questions

This page seems to talk only about network-attached separate HSMs. It does not say much about HSMs that are PCIe cards that plug into your server.

Does the prominent picture of a specific vendor's HSM amount to advertising?

The "Current NIST FIPS-140 certificates" link in "External Links" points to FIPS 140-1, which has been superseded by FIPS 140-2. Perhaps a different link should be included?

--Wileyfh (talk) 17:40, 9 April 2018 (UTC)

Images

I'm seeing a history of attempts to replace the first image (cleanup early this year), often against a clear COI. I'm requesting partial protection. @Guy Macon: --Ronz (talk) 15:56, 14 August 2019 (UTC)

Seems to be very arbitrary method to choosing which images are appropriate for this page. Most images benefit the marketing of certain companies. — Preceding unsigned comment added by Smartguy0001 (talk • contribs) 16:50, 14 August 2019 (UTC)

Thanks for responding. I agree. I simply switched back to what we had early this year.

Why do you prefer the two you offered? Is there one clear standout product, or maybe a historical product, that we could use?

I'll look around for ways to get help. --Ronz (talk) 18:02, 14 August 2019 (UTC)

I've requested help at Wikipedia_talk:WikiProject_Computer_Security#What_images_should_be_used_in_Hardware_security_module?. I'll look for other venues if needed. --Ronz (talk) 17:00, 15 August 2019 (UTC)

I didn't see any pictures on the current version of the article so came here to ask if anyone would like me to take a picture of the devices I have. (First thing that came to mind was a USB token containing a code signing certificate that I received from a CA.) I'm not associated with the makers of HSMs so don't have COI. I just think it would be helpful to see some pictures because it is too easy to get acronyms confused (e.g. I get HSMs and TPMs mixed up frequently https://security.stackexchange.com/questions/88744/what-are-the-differences-between-tpm-and-hsm). Perhaps we could add a collage of multiple types of devices that avoids showing brands? Jrquant (talk) 17:17, 24 July 2020 (UTC)

A Commons file used on this page or its Wikidata item has been nominated for deletion

The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion:

• IBM4767.png

Participate in the deletion discussion at the nomination page. —Community Tech bot (talk) 07:41, 30 June 2021 (UTC)