• Buddahriffic@lemmy.world · 2 upvotes · 4 months ago

    What specifically gives the physical component better encryption than a pure software solution? It’s just a stream of data, anything hardware can do to it can also be done by software. Purpose-built hardware is generally faster than general-purpose hardware, but if you don’t mind the speed difference, the encrypted data should be just as secure whether a physical component was involved or its role was played by software.

    At least that’s how I understand it.

    • vexikron@lemmy.zip · 2 upvotes · 4 months ago

      I believe they are talking about systems that require the input of a … haha ‘closed source’ (meaning classified) physical hardware/software system that is completely non-networked and that requires a human being to be physically using /at least/ one entirely, totally sandboxed device to complete the authentication process of accessing information on a networked device.

      Kind of like an extremely more advanced version of the Enigma machine + codebook system.

      I may be wrong here though about specifically what they are referring to; I don’t actually have any actual experience with real mil-grade cybersecurity stuff.

      The sort of cheapo way to do something like this is something I’ve seen at various points in my tech industry career, basically a YubiKey or similar devices.

    • asmoranomar@lemmy.world · 2 upvotes · 4 months ago

      From a bird’s-eye view, nothing. And that’s not what the designation attempts to address. It’s not even about how fast the hardware is, as encryption doesn’t require lots of processing power and key delivery systems are relatively simple devices.

      It’s about control. Encryption in general is robust and nobody directly tries to break the algorithm. Most breaches are done by bypassing the encryption entirely. By adding a hardware component, it makes it very difficult to do so. It also creates a one-way bridge for key delivery - once you put keys into the device you cannot remove them. The only option is to delete them. Most of the devices are also hardened - they emit no signals, resist interference, and have various preventions that will dump keys and software in the event the device is tampered with. Add to that the fact that because it’s physical in nature and not some boogeyman subsystem buried deep in a server, you can point to it, tell someone to guard it, and put it in a vault. Most also have an accessible wipe button, which makes it easy to prioritize what gets destroyed if the need calls for it. There are many more things, but I think I made my point.

      It’s still hard for the consumer market to have a physical component for encryption. Even for those that do, it’s still not robust enough. You can get legitimate military-grade encryption, with all its bells and whistles, but it’s incredibly expensive and requires specific requirements by the NSA. But afaik, there is no cheap alternative, and most of what you see being advertised is just marketing gibberish.