[cryptography] Inappropriate Use of Adobe Code Signing Certificate

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Oct 1 04:21:53 EDT 2012


ianG <iang at iang.org> writes:

>from a risk analysis view, the sensible thing to do is to attack the
>bureaucracy not the HSM.  The problem with attacking the HSM is that it
>becomes obvious, a property sometimes known as tamper-evidence. Either by
>stealing it or accessing it (I speculate the exploit pointed at by Peter
>would have taken months of access).

The initial analysis, on a captive device, took a long time, but once that was
done the attack was applicable to any other device of that kind.

You're right though, in the case of an HSM (and that includes things like
smart cards) you don't bother attacking the device but attack the host that
controls it.  An external magic box totally controlled by a host that does
anything you want it to is only slightly more secure than having the magic-box
functions performed directly on the host.

Peter.



More information about the cryptography mailing list