Open-source HSM


#1

Open source hardware security module (HSM) for generating cryptographically secure keys designed and built to alpha stage by SUNET and with support from Internet Society. It's very difficult to trust current HSM suppliers who are believed to have been compromised (suggested by Snowden docs).
If you have ever worked with HSMs you will know how expensive they are and just how bloody awful they are to use.

So at the IETF 96 an “alpha” open-source HSM was shown (it is only a dev version):

The goal of the CrypTech project is to create an open-source hardware cryptographic engine that can be built by anyone from public hardware specifications and open-source firmware and operated without fees of any kind. The team working on the project is a loose international collective of engineers trying to improve assurance and privacy on the Internet. It is funded diversely and is administratively quartered outside the US.

https://cryptech.is/

The website: https://cryptech.is/ (It’s DNSSEC-signed and uses DANE BTW)
The presentation: https://www.ietf.org/proceedings/96/slides/slides-96-cfrg-4.pdf


This would be something for LE, wouldn't it? :smiley: (when it is out of alpha, beta and so on of course…)

FYI: Currently LE uses HSMs by Gemalto.


#2

Has Gemalto been compromised according to Snowden?


#3

$800 for an Alpha Board is a bit too much for me. When they can get in the <$100 dollar range I’d buy one.