
I evaluated and purchased a few Thales HSMs. At the time the difference between the FIPS and standard/dev editions was a bunch of cash and the spaces within the device were filled with epoxy and would erase if tampered with.

Software was the same, hardware looked the same. The crypto module is validated only with the $$ hardware.

Sometimes the non-FIPS devices will have other algorithms not on the FIPS list.




Did you ever consider the Yubikey HSM at all as it’s much cheaper?


No, as at the time they did not offer a FIPS device, which was a requirement. Another nice feature of the Thales is that you could use multiple smart cards to ensure that no one person can do certain things.



