Hacker News
by GekkePrutser 1686 days ago
Additionally, you can also elect to store the raw key yourself (in the form of a 64-digit number). In which case the HSM thing doesn't apply. The caveat is that they can't help you recover it, but in my opinion that's a feature, not a bug. Consider the mud puddle test.

Of course we still have to take their word for it that the app doesn't secretly store this key somewhere. But I suppose this audit will validate that. I have to do a deep dive into it. The problem remains of course that this app can be modified at any time through the update mechanism.