Ask HN: Any Interest in a Personal HSM?
I've created an HSM that I'd price around $450 USD. Could be used for home or small office. I may setup a site and collect emails for pre-orders, but wanted to get a temperature here first.
It has:
- Encrypted root file system - Secure key storage and generation - Physical tamper detection - perimeter breach, accelerometer - Measures and authenticates identity of host device - Supports TLS client certificates and digital signatures - Precision Real Time Clock, battery backed - Full HTTPS API for communication
I think at $450 its a bit of a tough sell. Without history it is hard to sell it on the basis of the security aspect.
Especially when something like YubiHSM [1] is $650 and has relatively good support from an API standpoint. I may be wrong, but I don't see the market for HSMs as we see them today getting bigger.
I found that when people said they wanted HSMs, when you boiled down the requirements, they really were looking for a key management system. They didn't need it to be hardware based, but had it in their mind that they provided more security.
I think that with some of the new cloud services for key/secret management and the fact you can get HSMs if you really need to (I think AWS charges like $12k/year).