On Wed, Aug 30, 2017 at 12:17:33PM +0200, Marc Haber wrote:
> On Wed, Aug 30, 2017 at 10:09:38AM +0100, Jonathan McDowell wrote:
> > The Start is based on the GnuK and I think should be upgradable to do 4K
> > keys. The Pro uses a non-free smartcard internally for the RSA
> > operations. I believe the Start should also be capable of ECC, as per
> > the GnuK. It's possible Nitrokey haven't updated their firmware to
> > support this yet.
>
> I might be missing something, but I am wondering what a free hardware
> design will help here. I am not in a position to validate it anyway, and
> a USB token is unlikely to take any private data and phone it home.
> What do I gain from using the GnuK over a yubi- or nitrokey other than
> being able to say "yay, it's free"?

Assume you're passing a border, or otherwise have the token temporarily in the
hands of someone nasty.

* with a non-backdoored token: there's no way to copy the key off the token,
  the attacker may try their luck decapping, or try https://xkcd.com/538/
  while keeping you in custody the whole time
* with Yubikey 4 (suspected): they send the secret handshake, get a copy of
  the key, and you don't even know anything happened

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀                                 -- Genghis Ht'rok'din
⠈⠳⣄⠀⠀⠀⠀

