It isn't impossible to unwrap a key from an nCipher system. Getting out the mast... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mey on Jan 28, 2015 | parent | context | favorite | on: Amazon Starts Email Service for Companies

It isn't impossible to unwrap a key from an nCipher system. Getting out the master HSM key is harder but still possible. Really the important part if the steps required to get it out to prove authorization, aka a quorum on the security world. The quorum size is an implementation/configuration detail and only MS would know that on hand to speak to that depth.

rdl on Jan 28, 2015 [–]

If it can be done through policy they can be ordered to do it, but they don't have to physically subvert their hardware. (not a lawyer, but this is an opinion a lot of people have had...)

It depends on how you configure the HSMs whether you can extract and decrypt keys.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact