Open hardware security key?

Bill Cox waywardgeek at gmail.com
Mon Apr 27 15:12:20 BST 2015


I figure you guys already know what's going on in this space.  I am a fan
of the Yubikey, but since they've made it impossible to load your own keys,
you have to trust both Yubikey and NXP 100%.  They wont disclose how their
RNG works, and Yubikeys in the past have been known to generate the _same_
secret keys.

One great features of the Yubikey is it's touch sensor.  It refuses to do
signing or other operations without a human present to poke it.  This
rate-limits any malware attack greatly.  It also fits entirely into the USB
port, so it effectively becomes part of the machine without having to open
the case.  I want to use it with a password manager so that my real
password never leaves the machine, and my real password can't be used to
PWN my accounts, and my key-hashed password can't be generated without the
key.

Would there be any interest in developing an open-hardware version of this
device?

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20150427/2825c97e/attachment.html>


More information about the Discuss mailing list