[cryptography] *.google.com certificate issued by DigiNotar

Marsh Ray marsh at extendedsubset.com
Fri Sep 2 14:50:44 EDT 2011


On 09/02/2011 12:55 PM, coderman wrote:
>
> the next escalation will be sploiting private keys out of hardware
> security modules presumed impervious to such attacks.
>
> given the quality of HSM firmwares they're lucky cost is somewhat a
> prohibiting factor for attackers.
>
> authority in the wild, not just certs. :P

Why would they need to?

What's the difference between a private key in the wild and a pwned CA 
that, even months after a break-in and audit, doesn't revoke or even know
what it signed?

(This is a serious question)

- Marsh


