V Fri, Jun 12, 2026 at 01:47:27PM +0200, Florian Weimer napsal(a):
> Token2 sells something that has 100 slots, with the appropriate
> interface to select it.

<https://www.token2.com/shop/product/pin-release3-3-usb-a-nonbranded-fido2-u2f-and-totp-security-key-with-pin-complexity-feature>
claims "Maximum OTP Profiles: 50 TOTP/HOTP via the app + 1 HOTP via HID" which
can mean anything, including that the seeds are stored in the application and
encrypted with a key stored in the token, which I wouldn't be surprised
because they cost "only" 22 EUR.

Moreover, the need for an application connected to the device completely
destroys the off-line/air-gap property of OTP you described as "supply chain
integrity". They could sell "OTP calculators", which were popular in '90s,
and get much better user experience, including the air gap.

Finaly all these modern USB-powered TOTP generators have a problem that they
lack a clock. Therefore they will never provide the off-line experience.

> They claim it's programmable from Linux.  I
> don't know Red Hat supports it.
>
Only the FIDO part. OTP requires the application
<https://www.token2.com/site/page/token2-companion-app-v2-user-manual> which
is downloadable for Windows and MAC only. Linux is "comming soon" and sources
nowhere.

> > The problem is elegantly solved with asymetric keys where you can safely use
> > a single key for inifinite number of services. TLS supports authenticating
> > clients with X.509 certificate for ages. Yet almost nobody implements it. 
> > All
> > Git hosting services support key authentication, yet they have a problem 
> > with
> > X.509. I don't get it.
> 
> Isn't this a bit like FIDO2?
> 
Yes. FIDO2 was invented after web browser vendors ditched out log-out
dialogues from their browsers, forced everybody to do the authentication in
Javascript, and then found out that they need PKCS#11 in Javascript for
managing asymmetric cryptography. Because nobody would pay the
reimplementation, they came with a noncloning property as a selling pitch and
hid FIDO2 behind a mandatory certification to squeze money from it, attempting
to replace juicy business with traditional smart cards.

While FIDO2 looks good (I don't know how mich it is independent from web
browsers), I'm wary to invest into it as the prospect are not clear. Besides
it needs maintaing yet another software stack, it can happen that FIDO2 dies
out because governments have one foot in smart cards and the other foot
explores mobile phone enclaves, completely ignoring FIDO2.

> Asymmetric keys makes you depend on supply chain integrity, though.
> With TOTP, exfiltration is more of theoretical possibility even if you
> use a hardware token (it would have to have radio and maybe even a SIM
> card for token recovery at scale).  On-device key generation can produce
> predictable or otherwise recoverable keys, and in some instances, the
> public key bits are publicly available.  This avoids the need for a
> potential attacker to maintain direct communication with the token.
> 
Yes, I also like this aspect of OTP. But as long as there are no ubiquitous
OTP devices with multiple seeds and an air gap, it's easier to go with
a software implementation.

-- Petr

Attachment: signature.asc
Description: PGP signature

-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to