undefined | Better HN

0 pointsyammosk4d ago0 comments

What secret is controlled by one person? That's just not how businesses manage secrets.

0 comments

You are not consistent here. When talking about only needing a single signing key you say that is not subject to the whim of one person. When discussing an N-out-of-M scheme, you think that it's just down to the whims of whoever is in that group. That's just not how business manages secrets!

yammoskOP3d ago

I just don't think that keys would be accessible by only one person in either scenario for any large business. The article suggests this 3/5 key needed system prevents issues but I don't think so in practical terms. My suspicion is it thinks there is only one person per key but I think in any business scenario a team would have access to all of them negating the benefits. I don't think that's inconsistent, perhaps just my misunderstanding of what this proposed.

MattPalmer10863d ago

Ok, here's a scenario I have seen implemented before when dealing with HSMs and root CAs for a fairly serious PKI. You set up a 3 out of 5 share with each of the 5 keys stored on separate hardware tokens. The tokens are physically secured in safes, in tamper evident bags. To perform operations on the HSM, three out of the 5 tokens are required. The key custodians belong to different teams who can only open the safe for their token.

Now, you need to compromise at least 3 safes to do anything on the HSM. If a token is lost, stolen or damaged, there are still 2 others which can be used. Loss or theft of any two tokens does not compromise the HSM. Any unauthorised access to a token can be detected due to the tamper evident bag.

This gives you strong protection and assurance against any malicious insider or attacker. Having a single key (even if protected in a safe) is much weaker, and carries the risk of key loss (so you would have to have token backups, multiplying rather than dividing the risk).

j / k navigate · click thread line to collapse

0 comments

MattPalmer10863d ago

yammoskOP3d ago

MattPalmer10863d ago

j / k navigate · click thread line to collapse