
Whoa, this seems horrifying.

One (selfish) question I have is whether this can affect primary key material stored in an HSM. I'm assuming not, but that the session key generated by the HSM would still be susceptible.



If you are using an HSM, your long-term authenticity key won't be in the memory space of the process with OpenSSL inside it. So that should be OK.

However, everything else in that process (like, all the traffic you were hoping to protect) is basically toast.



