
> restart required a hardware security module (HSM) smart card.

Out of curiosity, does anyone know why? My guess would be the PW DB would be encrypted with some token generated from this card.

I've had lots of "I have a secret and the server needs it" type problems but I've never been very happy with my solutions - smart cards seem like potentially an elegant solution.



This article highlights exactly why an HSM may be potentially elegant, but also really, really dependent on embedding the process for using it in your operational processes (which would include performing that operation regularly to ensure it still works and that knowledge of its use is retained).

For a 'best effort' hosted internal service, this is not a good choice.



