Oddbean new post about | logout
Kevin Beaumont | 1 years ago (raw) | root | parent | reply | flag 
 Another one - Microsoft sell a HSM service to customers. Could they use it for their own services, maybe? https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/overview
e9c2496e | 1 years ago (raw) | root | parent | reply | flag 
 @f7d0478e they DO use HSMs

for their WINDOWS and XBOX signing keys
Kevin Beaumont | 1 years ago (raw) | root | parent | reply | flag 
 @1889f834 yeah, not sure this - and MSA is pretty important
e9c2496e | 1 years ago (raw) | root | parent | reply | flag 
 @f7d0478e the real wtf would be if they'd used something stupid like a sentinel HASP protection dongle as an "HSM" for encryption at rest but not in-memory
Kevin Beaumont | 1 years ago (raw) | root | parent | reply | flag 
 @1889f834 let’s just say they should investigate HSM solutions they sell 🤣