Simon Fell
@superfell.bsky.social
Reposted by Simon Fell
So yesterday on X someone from X engineering tweeted at me that X does, in fact, use HSMs and the key ceremonies are “coming soon.” I’ve updated the post but I’ll be honest this whole thing doesn’t fill me with good feelings.
June 10, 2025 at 1:29 PM
So yesterday on X someone from X engineering tweeted at me that X does, in fact, use HSMs and the key ceremonies are “coming soon.” I’ve updated the post but I’ll be honest this whole thing doesn’t fill me with good feelings.
Regardless of how good or bad their Juicebox deployment is, at the end of the day, the client code has access to the unencrypted text and/or private key and can do whatever it wants with it.
June 10, 2025 at 3:39 PM
Regardless of how good or bad their Juicebox deployment is, at the end of the day, the client code has access to the unencrypted text and/or private key and can do whatever it wants with it.
And as you mention without an independently verified key ceremony, there's no way to know if the realm is running on commodity hardware, a poorly configured HSM that can leak keys, or a correctly configured HSM.
June 9, 2025 at 9:27 PM
And as you mention without an independently verified key ceremony, there's no way to know if the realm is running on commodity hardware, a poorly configured HSM that can leak keys, or a correctly configured HSM.
Juicebox had 2 realms running on real entrust HSMs managing billions of (test) keys. The impl is complete. That said I’m not aware of any deployments of it outside the ones Juicebox ran.
June 9, 2025 at 8:00 PM
Juicebox had 2 realms running on real entrust HSMs managing billions of (test) keys. The impl is complete. That said I’m not aware of any deployments of it outside the ones Juicebox ran.