The extreme version of this is using an HSM, and putting one in a safe deposit b... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		xxpor on March 24, 2022 \| parent \| context \| favorite \| on: If you’re not using SSH certificates you’re doing ... The extreme version of this is using an HSM, and putting one in a safe deposit box.

danuker on March 24, 2022 [–]

It's not so extreme, you have to trust the HSM manufacturer.

Try generating randomness using casino-grade dice, and xor-ing it with the HSM. Maybe then.

xxpor on March 24, 2022 | [–]

Now I'm wondering who's managed to pull off supply chain attacks on dice, since I'm sure it's happened already.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact