V Fri, Jun 12, 2026 at 01:47:27PM +0200, Florian Weimer napsal(a): > Token2 sells something that has 100 slots, with the appropriate > interface to select it.
<https://www.token2.com/shop/product/pin-release3-3-usb-a-nonbranded-fido2-u2f-and-totp-security-key-with-pin-complexity-feature> claims "Maximum OTP Profiles: 50 TOTP/HOTP via the app + 1 HOTP via HID" which can mean anything, including that the seeds are stored in the application and encrypted with a key stored in the token, which I wouldn't be surprised because they cost "only" 22 EUR. Moreover, the need for an application connected to the device completely destroys the off-line/air-gap property of OTP you described as "supply chain integrity". They could sell "OTP calculators", which were popular in '90s, and get much better user experience, including the air gap. Finaly all these modern USB-powered TOTP generators have a problem that they lack a clock. Therefore they will never provide the off-line experience. > They claim it's programmable from Linux. I > don't know Red Hat supports it. > Only the FIDO part. OTP requires the application <https://www.token2.com/site/page/token2-companion-app-v2-user-manual> which is downloadable for Windows and MAC only. Linux is "comming soon" and sources nowhere. > > The problem is elegantly solved with asymetric keys where you can safely use > > a single key for inifinite number of services. TLS supports authenticating > > clients with X.509 certificate for ages. Yet almost nobody implements it. > > All > > Git hosting services support key authentication, yet they have a problem > > with > > X.509. I don't get it. > > Isn't this a bit like FIDO2? > Yes. FIDO2 was invented after web browser vendors ditched out log-out dialogues from their browsers, forced everybody to do the authentication in Javascript, and then found out that they need PKCS#11 in Javascript for managing asymmetric cryptography. Because nobody would pay the reimplementation, they came with a noncloning property as a selling pitch and hid FIDO2 behind a mandatory certification to squeze money from it, attempting to replace juicy business with traditional smart cards. While FIDO2 looks good (I don't know how mich it is independent from web browsers), I'm wary to invest into it as the prospect are not clear. Besides it needs maintaing yet another software stack, it can happen that FIDO2 dies out because governments have one foot in smart cards and the other foot explores mobile phone enclaves, completely ignoring FIDO2. > Asymmetric keys makes you depend on supply chain integrity, though. > With TOTP, exfiltration is more of theoretical possibility even if you > use a hardware token (it would have to have radio and maybe even a SIM > card for token recovery at scale). On-device key generation can produce > predictable or otherwise recoverable keys, and in some instances, the > public key bits are publicly available. This avoids the need for a > potential attacker to maintain direct communication with the token. > Yes, I also like this aspect of OTP. But as long as there are no ubiquitous OTP devices with multiple seeds and an air gap, it's easier to go with a software implementation. -- Petr
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
