Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

http://www.coreboot.org/pipermail/coreboot/2015-February/079...

>This means the OEM are fusing SHA256 public key hashes into the southbridge.

SHA256 public keys, scary indeed.



SHA256 public key hashes


Maybe they meant "HMAC" or "Fingerprint".


Intel likes to use SHA256(pubkey) for their verification schemes. I guess that reduces the amount of storage while sufficiently secure.

Details are in http://apress.com/9781430265719


"Hash" is a perfectly valid term, although "fingerprint" would also be correct. "HMAC" is something else entirely.


You don't need an HMAC to verify a key or other blob of data, and isn't fingerprint a less technical term for hash?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: