Re: wanted: educate us please on key dongles
On Wed, Aug 30, 2017 at 12:17:33PM +0200, Marc Haber wrote:
> On Wed, Aug 30, 2017 at 10:09:38AM +0100, Jonathan McDowell wrote:
> > The Start is based on the GnuK and I think should be upgradable to do 4K
> > keys. The Pro uses a non-free smartcard internally for the RSA
> > operations. I believe the Start should also be capable of ECC, as per
> > the GnuK. It's possible Nitrokey haven't updated their firmware to
> > support this yet.
> I might be missing something, but I am wondering what a free hardware
> design will help here. I am not in a position to validate it anyway, and
> an USB token is unlikely to take any private data and phone it home.
> What do I gain from using the GnuK over a yubi- or nitrokey other than
> being able to say "yay, it's free"?
Assume you're passing a border, or otherwise have the token temporarily in
hands of someone nasty.
* with a non-backdoored token: there's no way to copy the key off the token,
the attacker may try their luck decapping, or try https://xkcd.com/538/
while keeping you in custody the whole time
* with Yubikey 4 (suspected): they send the secret handshake, get a copy of
the key, and you don't even know anything happened
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀ -- Genghis Ht'rok'din