
Administration & Maintenance

Failed Logins

HSM Admin or SO

If you fail three consecutive login attempts as HSM Admin (also known as Security Officer or SO), the HSM contents are rendered unrecoverable. This is a security feature (you DO have your important material backed up, don't you?) meant to thwart repeated, unauthorized attempts to access your cryptographic material. The number is not adjustable. Please note that the system must actually receive some erroneous/false information before it logs a failed attempt: if you merely forget to insert a PED Key (for Trusted Path HSMs), or insert the wrong color key, that is not counted as a failed attempt. As soon as you successfully authenticate, the counter is reset to zero.

Comparison Summary

For a table that compares and contrasts the various "deny access" events or actions that are sometimes confused, see "Destroy" action/event scenarios.

HSM Partition Owner or User

The same security feature applies to Owner logins/activations, with some differences:

Multiple failed attempts at the user or client level affect only the HSM Partition, and not the entire Luna SA HSM.

Configurable

The HSM Admin (or Security Officer) can set the number of failed login attempts that trigger the feature (default is 10).

Control the Outcome

The configurable policy “SO/HSM Admin can reset User PIN” [HSM policy #15] allows you to control the outcome of too many consecutive bad authentication attempts. If the policy is “on” then the outcome is that the HSM Partition is locked out. This means that the Partition and its contents can be accessed again after the HSM Admin resets the HSM Partition Owner’s password. If the policy is “off”, then the partition is zeroized after too many bad attempts – meaning that all contents become inaccessible and the partition must be recreated.

“Ignore failed challenge responses” can be set per partition, which ensures that failed HSM Partition Password attempts do not cause the “failed login attempt” counter to increment.

Crypto Officer / Crypto User

If you are using the Crypto Officer / Crypto User model, the two IDs have their own independent "failed challenge response" counters. By default, each of Crypto Officer and Crypto User can make up to 10 consecutive attempts with an incorrect Password without triggering consequences on the Partition.
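The counter rules above can be checked against a small model. This is an added example, not vendor code: the names `Counter`, `Partition`, `so_login_outcome` and the `challenge` flag are hypothetical. It assumes the outcome is triggered when the consecutive-failure count reaches the configured number.

```python
from dataclasses import dataclass, field

SO_LIMIT = 3  # HSM Admin/SO limit stated on the page; not adjustable

@dataclass
class Counter:
    limit: int
    failures: int = 0

    def record(self, presented: bool, correct: bool) -> bool:
        """Return True when the limit of consecutive failures is reached."""
        if not presented:          # e.g. no PED Key inserted: nothing was checked
            return False
        if correct:
            self.failures = 0      # successful authentication resets the counter
            return False
        self.failures += 1
        return self.failures >= self.limit

@dataclass
class Partition:
    limit: int = 10                      # default; set by the HSM Admin
    so_can_reset_pin: bool = True        # HSM policy #15 (assumed field name)
    ignore_failed_challenge: bool = False
    state: str = "active"                # active | locked | zeroized
    counters: dict = field(default_factory=dict)  # one independent counter per role

    def login(self, role: str, correct: bool, challenge: bool = False) -> str:
        if self.state != "active":
            return self.state
        if challenge and not correct and self.ignore_failed_challenge:
            return self.state            # failed challenge response is not counted
        counter = self.counters.setdefault(role, Counter(self.limit))
        if counter.record(True, correct):
            self.state = "locked" if self.so_can_reset_pin else "zeroized"
        return self.state

    def so_reset_password(self, role: str) -> str:
        if self.state == "locked":       # a zeroized partition must be recreated
            self.counters[role] = Counter(self.limit)
            self.state = "active"
        return self.state

def so_login_outcome(attempts) -> str:
    """attempts: iterable of (presented, correct) pairs for the HSM Admin."""
    counter = Counter(SO_LIMIT)
    for presented, correct in attempts:
        if counter.record(presented, correct):
            return "hsm contents unrecoverable"
    return f"ok, {counter.failures} consecutive failure(s) recorded"
```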
