Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM
On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret wrote:

> This HSM is much more general-purpose than a U2F token.

Well, that's true, but it's also hundreds of times bigger than a token in the Yubikey "nano" form factor, which is actually convenient to keep permanently in the USB slot of a laptop. Your physical design seems pretty unwieldy for laptops (see also Yubico's keychain designs).

Yubikey "nano" factor tokens like the NEO-n have also supported more general purposes than a U2F token (e.g. CCID interface, OpenPGP applets, see also PIV).

I swear I'm not a paid shill for Yubico, but I'm a fan of small display-free hardware tokens. While a token like what you've built might provide Maximum Security under pessimistic threat models, its large size makes it look rather inconvenient to me.

--
Tony Arcieri

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM
On Apr 12, 2016, at 5:39 PM, Tony Arcieri wrote:

> On Tue, Apr 12, 2016 at 8:28 AM, Ron Garret wrote:
>
> > Some hardware tokens have an input device built in (usually a push button,
> > sometimes a fingerprint sensor) which needs to be activated before the token
> > will operate, but these are still subject to phishing attacks
>
> Not to rain on your parade, but if you're talking about authentication
> contexts, U2F solves the phishability problem by deriving domain-separated
> keys per origin, so it's not possible for an attacker to leverage it for
> phishing purposes.

This HSM is much more general-purpose than a U2F token. It could be used as a standalone bitcoin wallet a la Trezor. It can be used to decrypt messages and display them on the built-in display so that even an adversary with root access to your laptop couldn’t read the cleartext. The firmware doesn’t support this yet, but it’s a mere matter of programming :-)

But even U2F tokens can be phished for some value of “phished”. It’s true that you can’t extract the keys, but if an attacker owns your machine and you have a U2F token installed, the attacker can log into any site you can log into. Even if the token has a button you need to push to activate it, it’s probably not hard to fool most users into pushing the button to authorize an authentication for an attacker.

With a display, the token can say, “You are about to authorize…” and describe exactly what it is that it is being asked to do so that you know what you’re authorizing in a way that an attacker cannot control even with a completely compromised client.

rg

Re: [cryptography] [Cryptography] Show Crypto: prototype USB HSM
On Tue, Apr 12, 2016 at 8:28 AM, Ron Garret wrote:

> Some hardware tokens have an input device built in (usually a push button,
> sometimes a fingerprint sensor) which needs to be activated before the
> token will operate, but these are still subject to phishing attacks

Not to rain on your parade, but if you're talking about authentication contexts, U2F solves the phishability problem by deriving domain-separated keys per origin, so it's not possible for an attacker to leverage it for phishing purposes.

--
Tony Arcieri
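
The per-origin key separation described in the message above, as an added example that is not part of the thread and not code from any U2F implementation: a toy token binds each key handle to a hash of the origin and refuses a handle presented under any other origin. `ToyToken`, `server_verify`, `demo` and the two origins are hypothetical names constructed here, and HMAC stands in for the ECDSA signatures a real token produces.

```python
import hashlib
import hmac
import os


class ToyToken:
    """Simplified model of a U2F-style token; HMAC stands in for ECDSA."""

    def __init__(self):
        self._secret = os.urandom(32)  # device secret, never exported

    def _mac(self, label, *parts):
        return hmac.new(self._secret, label + b"".join(parts), hashlib.sha256).digest()

    def register(self, origin):
        app = hashlib.sha256(origin.encode()).digest()  # origin hash
        nonce = os.urandom(16)
        # The handle only validates together with the origin hash it was made for.
        handle = nonce + self._mac(b"handle", app, nonce)
        key = self._mac(b"key", app, nonce)  # per-origin key
        return handle, key  # a real token returns a public key, not the key itself

    def sign(self, origin, handle, challenge):
        app = hashlib.sha256(origin.encode()).digest()
        nonce, tag = handle[:16], handle[16:]
        if not hmac.compare_digest(tag, self._mac(b"handle", app, nonce)):
            return None  # handle was issued for a different origin: refuse
        key = self._mac(b"key", app, nonce)
        return hmac.new(key, app + challenge, hashlib.sha256).digest()


def server_verify(origin, key, challenge, response):
    """Relying-party check: the response must cover its own origin and challenge."""
    if response is None:
        return False
    app = hashlib.sha256(origin.encode()).digest()
    expected = hmac.new(key, app + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo():
    token = ToyToken()
    real, fake = "https://bank.example", "https://bank-login.example"  # constructed
    handle, key = token.register(real)
    challenge = os.urandom(32)
    genuine = token.sign(real, handle, challenge)
    # The browser reports the origin, so a look-alike page relaying the real
    # site's handle and challenge reaches the token as `fake`.
    relayed = token.sign(fake, handle, challenge)
    return server_verify(real, key, challenge, genuine), relayed
```

`demo()` returns `(True, None)`: the genuine origin authenticates and the relayed request gets no response from the token. A compromised host, the case raised in Ron Garret's reply, reports the genuine origin itself, so this binding does not cover it.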