by jondubois 3170 days ago
The thing about security is that there is a point where you end up locking yourself out.

Locking your data to your hardware raises the question of what would happen if the hardware failed. Also, at first glance this seems to introduce difficulties with scalability across multiple machines. Also, it might make it difficult to switch between infrastructure providers.

The cost of this approach should be mentioned as a footnote.

Maybe the better solution is for society to support more small tech companies with smaller user bases that have fewer dissatisfied rogue employees to leak hashed passwords in the first place.

The root of the problem is not technical, it's political.

3 comments

HSMs all have a way of enrolling multiple units into a shared state so that you can have them all be logically equivalent.

If possible, it's nice to keep an offline copy of your key material too. Maybe locked in a safe, gpg encrypted or something.

Commercial HSMs have ways of exporting the key they hold onto smartcards. Usually the keys are split onto a number of smartcards, let's say 3. For increased robustness, each third is written to two smartcards. (We now have 6 cards.) These smartcards each belong to one person, who is the only one knowing the PIN that protects the third of the key it holds. Each of these smartcards is then brought to a different bank vault, sealed in a tamper-proof bag.

To restore the key, you need to bring 3 out of 6 persons to the so-called key ceremony, and each has to bring his smartcard and his PIN.

The same mechanism can be used to provision multiple HSMs with the same key material. But there are other means to do this. As soon as two HSMs share a common secret, also known as a Key Sharing Key, they are able to exchange all key material they possess in a secure manner.

Some HSMs don't even bother to store the keys they generate within the bounds of their hardware. Only its master key is stored in its hardware; any other key is encrypted with the master key and stored on a shared filesystem.

If this sounds artificial to you, let me assure you that such procedures are in place at various companies who deal with raw credit card data, at least in Europe. The EMV committee, the PCI organization and each issuer of credit cards do mandate such procedures.

And they are very strict. We once had to ship HSMs back to the vendor, because at some point they were not supervised by at least two persons. (At least the documentation thereof was missing.)

... because at some point they were not supervised by at least two persons, before it was taken into operation, that is. (Afterwards, they have to be locked into a rack that requires two different badges to open its doors and which must have a CCTV system recording it at all times.)
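The split-key ceremony described above is a threshold scheme in disguise, and the two layouts the commenter mentions (three distinct thirds, each copied to two cards, versus a true "any 3 of 6" split) behave differently when the wrong three cardholders show up. The following is an added illustration, not code from the thread or from any HSM vendor: a toy Shamir secret-sharing implementation over a prime field. The field prime, the 128-bit sample master key and the 3-of-6 parameters are constructed for the example; production HSMs perform this inside hardware onto PIN-protected smartcards.

```python
"""Toy Shamir secret sharing, modelling the smartcard key ceremony.

Added example, not the thread's or any vendor's code. A master key is
split into n shares such that any k distinct shares reconstruct it; fewer
than k reveal nothing about it. The demo compares the "duplicated thirds"
card layout with a true k-of-n threshold split.
"""
import itertools
import secrets

# Constructed choice of field: 2**127 - 1 is a Mersenne prime, large enough
# to hold any 128-bit-ish key value as a field element.
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of the polynomial (lowest coefficient first) at x."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n):
    """Split `secret` into n shares (x, y); any k distinct shares recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, k):
    """Lagrange-interpolate the polynomial at x=0 from k distinct shares.

    Raises ValueError if fewer than k shares are given or if two shares are
    copies of the same point (the failure mode of duplicated thirds).
    """
    xs = [x for x, _ in shares]
    if len(xs) < k or len(set(xs)) != len(xs):
        raise ValueError("need k distinct shares")
    shares = shares[:k]
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Lagrange basis polynomial L_i evaluated at 0, times y_i.
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def key_ceremony_demo():
    """Compare the two card layouts from the thread on a constructed key."""
    master_key = int.from_bytes(secrets.token_bytes(16), "big")  # constructed

    # Layout A: three distinct thirds, each written to two cards (6 cards).
    thirds = split_secret(master_key, k=3, n=3)
    cards_a = thirds + thirds  # cards 0-2 and 3-5 hold the same thirds
    good_trio_ok = recover_secret([cards_a[0], cards_a[1], cards_a[2]], 3) == master_key
    try:
        # Cardholders 0, 3 and 1 bring two copies of the same third.
        recover_secret([cards_a[0], cards_a[3], cards_a[1]], 3)
        bad_trio_rejected = False
    except ValueError:
        bad_trio_rejected = True

    # Layout B: a genuine 3-of-6 threshold; any three cardholders suffice.
    cards_b = split_secret(master_key, k=3, n=6)
    all_triples_ok = all(
        recover_secret(list(trio), 3) == master_key
        for trio in itertools.combinations(cards_b, 3)
    )
    return {
        "dup_layout_good_trio": good_trio_ok,
        "dup_layout_bad_trio_rejected": bad_trio_rejected,
        "threshold_all_20_triples": all_triples_ok,
    }


if __name__ == "__main__":
    print(key_ceremony_demo())
```

The point the demo makes for an operator planning a ceremony: with duplicated thirds, "3 out of 6 persons" only works if those three happen to hold three different thirds, so the roster of who must attend is constrained; a real k-of-n split lets any three of the six cardholders restore the key, which is what most commercial HSM export formats actually implement.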

A smaller userbase means less damage for the data holder (the company), not the actual damaged party (the person whose password is leaked). It's not the type of attack implemented on the threat vector that matters - you remove one, you introduce another; it's an inevitable cycle of change. The problem is that this is a threat vector and it needs to be solved for no matter how large the sensitive dataset is.

So, yeah, the problem is political in the sense that everyone comes into it with their own agenda, which has little grounding in reality, yet substantially affects the decisions of many people.