
Re: [Cryptography] HSMs or Intel SGX? Which is harder to hack?

On Sun, Feb 19, 2017 at 12:00 AM, grarpamp <grarpamp AT gmail.com> wrote:

> Note that some regard SGX as having already been broken

That seems pretty weak: extracting the publicly visible metadata from a binary isn't a break.  That information was published.

I actually am dropping SGX from the running because it cannot support what I call "dynamic defense".  A software-only attacker can force all the SGX secrets to be dumped to SRAM, though they are encrypted with the CPU's symmetric key.  An attacker can do this, and come back later and take her time extracting the secrets from the CPU.

This defeats any attempt to make secrets time-sensitive, meaning we want to force hackers to complete their work in a short period of time, or fail.  An HSM does not seem to have this problem.

The cryptography mailing list
cryptography AT metzdowd.com