On Tue, Apr 12, 2016 at 08:12:52PM -0700, Tony Arcieri wrote:
> On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret <r...@flownet.com> wrote:
>
> Well, that's true, but it's also hundreds of times bigger than a token in
> the Yubikey "nano" form factor, which is actually convenient to keep
> permanently in the USB slot of a laptop. Your physical design seems pretty
> unwieldy for laptops (see also Yubico's keychain designs).
>
> Yubikey "nano" factor tokens like the NEO-n have also supported more
> general purposes than a U2F token (e.g. CCID interface, OpenPGP applets,
> see also PIV)
>
> I swear I'm not a paid shill for Yubico, but I'm a fan of small
> display-free hardware tokens. While a token like what you've built might
> provide Maximum Security under pessimistic threat models, its large size
> makes it look rather inconvenient to me.
coincidentally i'm hacking on a similar device for quite some time. and while one of my design goals was to have my keys always on me, even in the sauna, there's another hard requirement, which is kinda conflicting with having a device so small that you always keep it plugged into the usb port. this requirement is to have the unlocking of the key material depend only on the usb device, not on the usb host. if i have to enter my password to unlock the keys on the pc, any finfisher/hackingteam malware can duplicate my password and use it itself. so i need some kind of passphrase entry on the device. and with this requirement the UX actually favors bigger designs, with displays.

my two approaches are:

1/ using chording a la guitar hero: you learn your passphrase using muscle memory and play the hex digits of it on 4 buttons. this device is about 3x7cm big.

2/ i have the board in the exact format of a nokia 3310, and can switch the original board with mine and use the nokia's display and keyboard with 16 keys for entry of passphrases. however, the latter design is not suitable for saunas.

the smaller design however could be enclosed like this:

http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/005/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301411/003/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/000/full.jpg
http://cryptomuseum.com/crypto/philips/aroflex2/img/301412/009/full.jpg

i also understand that a small device in a usb slot is nice, but it also encourages continuous contact between the keystore and an untrusted device. i rather unplug my keystore when it's not needed.

as a shameless plug, my designs are already in production, and will be available in small quantities this summer.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
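The design point stef makes above (unlock depends only on the device, so host malware that records keystrokes never sees the passphrase) can be modelled in a few lines. The following is an added example, not code from the thread or from stef's device: it assumes a token whose four buttons each contribute one bit of a hex digit (a chord is the set of buttons held at once), a PBKDF2-derived unwrap key, and a simple XOR-plus-HMAC key wrap standing in for whatever the real firmware does. The `Token` class, its `host_log` and the `demo()` flow are all constructed for illustration.

```python
"""Model of a hardware token that unlocks its key material from a passphrase
entered on the device as 4-button chords. Added example; not the thread's code.
The host only ever sends an unlock request and receives a status; the
passphrase and the unwrapped key never cross the USB boundary."""
import hashlib
import hmac
import os

# Assumed button layout: button i sets bit i, so a chord encodes one hex digit.
# The empty chord (no buttons) stands for the digit 0 and would need a
# "confirm" press on real hardware; that detail is left out here.
BUTTONS = ("A", "B", "C", "D")


def chord_to_hex_digit(pressed):
    """Set of button names held simultaneously -> one lowercase hex digit."""
    value = 0
    for name in set(pressed):
        if name not in BUTTONS:
            raise ValueError(f"unknown button {name!r}")
        value |= 1 << BUTTONS.index(name)
    return format(value, "x")


def hex_digit_to_chord(digit):
    """Inverse mapping, used here to turn a hex passphrase into key presses."""
    value = int(digit, 16)
    return tuple(b for i, b in enumerate(BUTTONS) if (value >> i) & 1)


def chords_to_passphrase(chords):
    return "".join(chord_to_hex_digit(c) for c in chords)


class Token:
    """Toy token holding a 32-byte secret wrapped under a passphrase-derived key."""

    def __init__(self, secret_key, passphrase_hex):
        if len(secret_key) != 32:
            raise ValueError("this toy wraps exactly 32 bytes")
        self.salt = os.urandom(16)
        stream, mac_key = self._derive(passphrase_hex)
        # Wrap: XOR with a one-time derived stream, then authenticate (encrypt-then-MAC).
        self.wrapped = bytes(a ^ b for a, b in zip(secret_key, stream))
        self.tag = hmac.new(mac_key, self.salt + self.wrapped, "sha256").digest()
        self._unlocked = None
        self.host_log = []  # everything a (possibly malicious) host can observe

    def _derive(self, passphrase_hex):
        # Constructed parameters; a real device would tune iterations to its CPU.
        km = hashlib.pbkdf2_hmac("sha256", passphrase_hex.encode(), self.salt,
                                 50_000, dklen=64)
        return km[:32], km[32:]

    def host_request_unlock(self):
        """Host side: asks for an unlock. No secret travels in this request."""
        self.host_log.append(b"UNLOCK?")
        return "enter passphrase on device"

    def device_enter_chords(self, chords):
        """Device side: chords come from the token's own buttons, not the host."""
        stream, mac_key = self._derive(chords_to_passphrase(chords))
        expected = hmac.new(mac_key, self.salt + self.wrapped, "sha256").digest()
        if not hmac.compare_digest(expected, self.tag):
            self.host_log.append(b"UNLOCK FAIL")
            return False
        self._unlocked = bytes(a ^ b for a, b in zip(self.wrapped, stream))
        self.host_log.append(b"UNLOCK OK")
        return True

    def is_unlocked(self):
        return self._unlocked is not None

    def lock(self):
        """Called when the token is unplugged, which stef prefers to do when idle."""
        self._unlocked = None

    def host_sign(self, message):
        """Host asks the device to MAC a message; only the result leaves the device."""
        if self._unlocked is None:
            raise PermissionError("token is locked")
        sig = hmac.new(self._unlocked, message, "sha256").digest()
        self.host_log.append(b"SIGN " + sig)
        return sig


def demo(passphrase_hex="c0ffee", wrong_hex="c0ffef"):
    """Full flow with constructed values; returns observations for checking."""
    secret = bytes(range(32))
    tok = Token(secret, passphrase_hex)
    tok.host_request_unlock()
    wrong = tok.device_enter_chords([hex_digit_to_chord(d) for d in wrong_hex])
    locked_after_wrong = not tok.is_unlocked()
    right = tok.device_enter_chords([hex_digit_to_chord(d) for d in passphrase_hex])
    sig = tok.host_sign(b"hello")
    leaked = any(passphrase_hex.encode() in entry or secret in entry
                 for entry in tok.host_log)
    return {"wrong_rejected": not wrong, "locked_after_wrong": locked_after_wrong,
            "unlocked": right,
            "sig_matches": sig == hmac.new(secret, b"hello", "sha256").digest(),
            "passphrase_or_key_on_host": leaked}
```

The point of the model is the boundary: `host_request_unlock` and `host_sign` are the only calls a host can make, and neither carries the passphrase, so a keylogger on the PC gains nothing from watching them. The chord encoding itself is just a 4-bit mapping; what makes it matter is that the presses happen on the token.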