go a step further and you will get into key management devices like the HSMs and... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jaequery on Feb 22, 2018 \| parent \| context \| favorite \| on: "Pwned Passwords" V2 With Half a Billion Passwords go a step further and you will get into key management devices like the HSMs and/or the Amazon KMS. KMS cost almost next to nothing and it is pretty neat since its a web service, especially coming from the world of $40k+ Thales/Safenet HSM devices which are a pain to deal with (backups, rehash, redundancy).

sah2ed on Feb 22, 2018 [–]

Mind sharing how you currently use Amazon KMS in practice?

jaequery on Feb 24, 2018 | [–]

It was to meet the PCI-DSS Level-1 security standards for banking compliance. We'd store encrypted cards in one place and store the master keys in the AWS KSM to later decrypt it. But to retrieve the master keys, it goes through another layer of encryption.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact