Re: wanted: educate us please on key dongles

To: debian-project@lists.debian.org
Subject: Re: wanted: educate us please on key dongles
From: Jonathan McDowell <noodles@earth.li>
Date: Wed, 30 Aug 2017 12:13:44 +0100
Message-id: <[🔎] 20170830111344.kzhbkxvnhluwr5vk@earth.li>
In-reply-to: <[🔎] 20170830105053.wvc5l3wr3uywqqf6@torres.zugschlus.de>
References: <[🔎] 20170802201629.orujsvrudooie7iy@angband.pl> <[🔎] 20170811124139.GL5972@earth.li> <[🔎] 20170829173435.6o2lgpktw2wglskk@torres.zugschlus.de> <[🔎] 20170830090938.2clqyis4svus2qp4@earth.li> <[🔎] 20170830101733.qfiulxq7gx4ctptt@torres.zugschlus.de> <[🔎] 20170830104213.qi3wxcgw6jobpilg@angband.pl> <[🔎] 20170830105053.wvc5l3wr3uywqqf6@torres.zugschlus.de>

On Wed, Aug 30, 2017 at 12:50:53PM +0200, Marc Haber wrote:
> On Wed, Aug 30, 2017 at 12:42:13PM +0200, Adam Borowski wrote:
> > * with Yubikey 4 (suspected): they send the secret handshake, get a
> > copy of the key, and you don't even know anything happened
> 
> That's a point, but I cannot validate whether the free hardware design
> running the free software crypto app isn't backdoored anyway due to
> lack of knowledge and expertise.

If you're not interested in anything where you're not able to do all of
the validation yourself, why are you asking us for advice only to then
say you don't see the point of the recommendations given?

At the risk of trying to teach my grandmother to suck eggs, the
advantage of an open hardware + software design is that even if you
yourself are unable to fully validate the security of the device there
is the opportunity for others to do so and share their findings.

(I do not claim to have done any security investigation of the GnuK
 code, but I have successfully built and installed it using only tools
 available in Debian.)

J.

-- 
/-\                             | No thanks, I'm already having one.
|@/  Debian GNU/Linux Developer |
\-                              |

Reply to:

Follow-Ups:
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>

References:
- wanted: educate us please on key dongles
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: wanted: educate us please on key dongles
  - From: Jonathan McDowell <noodles@earth.li>
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>
- Re: wanted: educate us please on key dongles
  - From: Jonathan McDowell <noodles@earth.li>
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>
- Re: wanted: educate us please on key dongles
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>

Prev by Date: Re: wanted: educate us please on key dongles
Next by Date: Re: wanted: educate us please on key dongles
Previous by thread: Re: wanted: educate us please on key dongles
Next by thread: Re: wanted: educate us please on key dongles
Index(es):
- Date
- Thread