by throwaway256346 733 days ago
I work with industrial HSMs (those expensive ones) on a daily basis and their SDKs are a bugfest (both client side and in-device). They are audited (FIPS 140-2 and now 3 approved even!) but apparently testing the firmware against the test vectors from the RFCs is too much to ask for...

Contacting support about broken firmware or broken documentation is a trip to Tartarus in itself. Decompiling the libraries is usually faster to figure out what is wrong.

Don't put too much trust in them unless you really have to.

2 comments

The problem is that certification takes SO LONG and they're not allowed to change the firmware while it's being certified or afterwards. What this means is that FIPS certification is an indication of an inherently insecure device.

It literally means it hasn't been receiving regular security patches/updates!

Nobody actually runs HSMs in FIPS mode anyway. FIPS certification just means it can be run in a FIPS mode, and that it did at one time pass the certification. So while it is a very useful hurdle to jump over, it is impractical to use (for the same reasons you mention, and others).

The only time I've paid close attention to a FIPS certification process, they forced us to substantially weaken the security posture of our product by making it easier for attackers to exfiltrate keys in certain circumstances (the product was designed to be run in trusted environments, and there were many less-theoretical attack vectors, but the FIPS process didn't care about those).

Anyway, it hasn't been a useful hurdle to jump over in my experience. At this point, if a system has a FIPS compliance mode, that lowers my opinion of its real-world security properties. If someone voluntarily insists on using FIPS-compliant stuff, I assume they're completely incompetent in all matters, professional and personal (that heuristic has worked for me 100% of the time).

Any comments you could share about Luna HSM ones?

Recall seeing a lot of them as reasonably accessible in cloud and not only setups, thus my interest.