Yubico Forum https://forum.yubico.com/

Introduction https://forum.yubico.com/viewtopic.php?f=22&t=656
Author: Fredrik-at-Yubico [ Wed Apr 06, 2011 3:23 pm ]
Post subject: Introduction

Everyone - meet YubiHSM. YubiHSM is the latest innovation from Yubico. It is Yubico's take on what an HSM should be like. Easy to use and affordable.

Want to validate Yubico OTPs? YubiHSM is a one-stop solution for validation of up to 1024 YubiKeys with an internal database. YubiHSM can decrypt indefinite numbers of YubiKey OTPs (if you have access to the token-unique AES key, that is) with secure storage of the AES keys on the host computer. The AES keys are only readable to the YubiHSM through the use of Authenticated Encryption with Associated Data (AEAD).

Want to securely validate OATH tokens? The YubiHSM makes for an excellent security device in an OATH validation service by providing HMAC-SHA1 capabilities with the secret key secured inside AEADs.

Want to securely validate plain text passwords? The YubiHSM can compare the decrypted contents of a previously generated AEAD and internally compare it with provided plain text. This makes it possible to generate an AEAD from a password (or better, from a PBKDF2 hash of a password) and then later on securely verify that the same password is presented by a user.

Want a random number seed? The YubiHSM includes a random number generator. Technical details are in the YubiHSM manual.

Want generic cryptography primitives? The YubiHSM provides AES ECB encrypt/decrypt/decrypt-compare, as well as HMAC-SHA1 with the key stored in the YubiHSM (64 slots available for such keys). Keys can have associated permissions through an extensive set of flags, so a poor man's asymmetric cryptography can be achieved with two or more YubiHSMs sharing the same key but possibly with different associated permissions (YubiHSM 1 can only encrypt, YubiHSM 2 can only decrypt).

Want generic cryptography primitives with a twist? The YubiHSM provides AES ECB encrypt/decrypt/decrypt-compare, as well as HMAC-SHA1 - all leveraged with powerful key indirection where the secret key is stored in an AEAD and only ever decrypted inside the YubiHSM.

For product information, see http://www.yubico.com/yubihsm/.

For technical documentation, see http://static.yubico.com/var/uploads/YubiHSM%20Manual%202011-04-02.pdf.

On behalf of the Yubico Team,
Fredrik Thulin - YubiHSM product manager
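
The password-validation flow described in the post, as an added example that is not part of the original post and is not Yubico code. `ModelHSM`, its method names, the HMAC-based stand-in cipher, the PBKDF2 parameters and the nonce derived from the user name are all assumptions made for illustration; a real deployment would call the device instead.

```python
import hashlib, hmac, secrets

TAG_LEN = 8

class ModelHSM:
    """Software stand-in for the device: keys stay inside this object."""
    def __init__(self):
        self._keys = {}  # key handle -> secret key

    def add_key(self, handle):
        self._keys[handle] = secrets.token_bytes(32)

    def _crypt(self, key, nonce, data):
        # XOR with an HMAC-SHA256 counter-mode keystream (stand-in cipher,
        # not the device's real AEAD algorithm).
        stream = b""
        for ctr in range((len(data) + 31) // 32):
            stream += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"),
                               hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def _tag(self, key, nonce, ct):
        return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]

    def generate_aead(self, handle, nonce, plaintext):
        key = self._keys[handle]
        ct = self._crypt(key, nonce, plaintext)
        return ct + self._tag(key, nonce, ct)

    def validate_aead(self, handle, nonce, aead, candidate):
        key = self._keys[handle]
        ct, tag = aead[:-TAG_LEN], aead[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(key, nonce, ct)):
            return False  # blob modified, wrong key, or wrong nonce
        # Plaintext exists only in this scope; the host gets a yes/no.
        return hmac.compare_digest(self._crypt(key, nonce, ct), candidate)

def stretch(password, salt):
    # PBKDF2 before the AEAD, as the post recommends (parameters assumed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(hsm, handle, user, password):
    salt = secrets.token_bytes(16)
    nonce = hashlib.sha256(user.encode()).digest()[:6]  # assumption: per-user nonce
    aead = hsm.generate_aead(handle, nonce, stretch(password, salt))
    return {"salt": salt, "nonce": nonce, "aead": aead}  # host-side record

def verify(hsm, handle, record, password):
    return hsm.validate_aead(handle, record["nonce"], record["aead"],
                             stretch(password, record["salt"]))
```

The host database holds only the salt, nonce and AEAD blob, so a copy of it cannot be checked against password guesses without access to the device that holds the key.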
All times are UTC + 1 hour