[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wanted: educate us please on key dongles

On Wed, Aug 30, 2017 at 12:17:33PM +0200, Marc Haber wrote:
> On Wed, Aug 30, 2017 at 10:09:38AM +0100, Jonathan McDowell wrote:
> > The Start is based on the GnuK and I think should be upgradable to do 4K
> > keys. The Pro uses a non-free smartcard internally for the RSA
> > operations. I believe the Start should also be capable of ECC, as per
> > the GnuK. It's possible Nitrokey haven't updated their firmware to
> > support this yet.
> I might be missing something, but I am wondering what a free hardware
> design will help here. I am not in a position to validate it anyway, and
> an USB token is unlikely to take any private data and phone it home.
> What do I gain from using the GnuK over a yubi- or nitrokey other than
> being able to say "yay, it's free"?

Assume you're passing a border, or otherwise have the token temporarily in
hands of someone nasty.
* with a non-backdoored token: there's no way to copy the key off the token,
  the attacker may try their luck decapping, or try https://xkcd.com/538/
  while keeping you in custody the whole time
* with Yubikey 4 (suspected): they send the secret handshake, get a copy of
  the key, and you don't even know anything happened

⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀                                 -- Genghis Ht'rok'din

Reply to: