> in order for the application to have access to the keys in
> the crypto hardware upon an unattended reboot, the PINs to the hardware
> must be accessible to the application.
The cards that I know about work differently -- you configure them to
allow unattended reboot, and then no PIN is involved. This is a little
more secure, in that it requires a conscious decision to do this, as
opposed to sticking the PIN somewhere on the filesystem.
/r$
--
STSM, DataPower CTO
WebSphere Appliance Architect
http://www.ibm.com/software/integration/datapower/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
