On 10/1/2014 7:44 PM, David Conrad wrote:
Mike,

On Oct 1, 2014, at 4:39 PM, Michael StJohns <msj@nthpermutation.com> wrote:
On 10/1/2014 7:26 PM, David Conrad wrote:
Gaining unauthorized access to that HSM would be “bad”,
This is one of those misperceptions that's important to correct quickly.

Fair enough. Poor wording. Apologies.

Gaining access to an HSM, along with its ignition keys, would be bad.

Yes.  I’d assumed this was understood.
so we’re probably not talking about storing the HSM under somebody’s bed.
Actually, why not?  

Because it increases the risk of being able to gain full access since you only need to get the other half (the “unlocking credentials”).

AIRC the unlocking credentials for the HSM require something more than just a single smart card? You'd need to grab the HSM, plus enough of the unlocking credentials to enable the device.

It's mostly just a numbers game. I'm going to follow up on Richard's note with a more comprehensive discussion.



Regards,
-drc