Open hardware security key?
Bill Cox
waywardgeek at gmail.com
Mon Apr 27 15:12:20 BST 2015
I figure you guys already know what's going on in this space. I am a fan
of the Yubikey, but since they've made it impossible to load your own keys,
you have to trust both Yubikey and NXP 100%. They wont disclose how their
RNG works, and Yubikeys in the past have been known to generate the _same_
secret keys.
One great features of the Yubikey is it's touch sensor. It refuses to do
signing or other operations without a human present to poke it. This
rate-limits any malware attack greatly. It also fits entirely into the USB
port, so it effectively becomes part of the machine without having to open
the case. I want to use it with a password manager so that my real
password never leaves the machine, and my real password can't be used to
PWN my accounts, and my key-hashed password can't be generated without the
key.
Would there be any interest in developing an open-hardware version of this
device?
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20150427/2825c97e/attachment.html>
More information about the Discuss
mailing list