[Opendnssec-user] HSM size
jakob at kirei.se
Sat Dec 22 23:18:13 CET 2012
On 22 dec 2012, at 23:10, Paul Wouters <paul at nohats.ca> wrote:
> On Sat, 22 Dec 2012, Jakob Schlyter wrote:
> However, I haven't heard from HSM vendors if they are not vulnerable to
> the various padding oracle attacks, and the HSMs I've looked at, do not
> support disabling encryption and only allow signing of data. So I'm not
> convinced an HSM even brings you this security.....
The AEP keyper can disable encryption.
>> There are of course other nice properties, such as speed, but IMHO those are secondary.
> For those who want slower speed?
Unless you cluster a bunch of SCA/6000 or SafeNet LUNA SA - that's speed.
More information about the Opendnssec-user