Security Key Comparison by Adam Langley

nadim
Site Admin
Posts: 11
Joined: Tue Aug 15, 2017 7:57 pm
Location: Paris, France

Fri Aug 18, 2017 11:52 am

Security Keys are (generally) USB-connected hardware fobs that are capable of key generation and oracle signing. Websites can “enroll” a security key by asking it to generate a public key bound to an “appId” (which is limited by the browser based on the site's origin). Later, when a user wants to log in, the website can send a challenge to the security key, which signs it to prove possession of the corresponding private key. By having a physical button, which must be pressed to enroll or sign, operations can't happen without user involvement. By having the security keys encrypt state and hand it to the website to store, they can be stateless(*) and robust.
https://www.imperialviolet.org/2017/08/ ... ykeys.html
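
The enroll and sign flow quoted in the post above, as an added Go sketch that is not part of the original post or of the linked article. It assumes AES-GCM as the wrapping cipher and a simplified signed digest, and models no button press, counter or attestation; `Token`, `Enroll` and `Sign` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Added illustration: AES-GCM wrapping and the digest layout are assumptions, not U2F's format.
// Token is a toy stateless key: its only stored secret is one wrapping key.
type Token struct{ aead cipher.AEAD }

func NewToken() *Token {
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block)
	return &Token{aead}
}

// Enroll makes a P-256 key pair; the handle is the private key sealed with appID as AAD.
func (t *Token) Enroll(appID string) (*ecdsa.PublicKey, []byte) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalECPrivateKey(priv)
	nonce := make([]byte, t.aead.NonceSize())
	rand.Read(nonce)
	return &priv.PublicKey, t.aead.Seal(nonce, nonce, der, []byte(appID))
}

// Sign unwraps the handle (GCM rejects any other appID) and signs SHA-256(appID, 0x00, challenge).
func (t *Token) Sign(appID string, handle, challenge []byte) ([]byte, error) {
	n := t.aead.NonceSize()
	if len(handle) < n {
		return nil, fmt.Errorf("key handle too short")
	}
	der, err := t.aead.Open(nil, handle[:n], handle[n:], []byte(appID))
	if err != nil {
		return nil, fmt.Errorf("handle rejected for %q: %w", appID, err)
	}
	priv, _ := x509.ParseECPrivateKey(der) // der was authenticated, so it parses
	h := sha256.Sum256(append([]byte(appID+"\x00"), challenge...))
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

func main() { fmt.Println(NewToken().Sign("https://example.com", make([]byte, 64), nil)) } // forged handle
```

The website side stores the public key and handle at enrollment, then checks a login signature with `ecdsa.VerifyASN1` over the same digest.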

markulf
Posts: 1
Joined: Fri Aug 18, 2017 3:32 pm

Fri Aug 18, 2017 3:35 pm

Nice summary, has anyone here tried one of these secure keys and can recommend one? :) Anyone tried to break them? :twisted:

nadim
Site Admin
Posts: 11
Joined: Tue Aug 15, 2017 7:57 pm
Location: Paris, France

Fri Aug 18, 2017 3:56 pm

markulf wrote:
Fri Aug 18, 2017 3:35 pm
Nice summary, has anyone here tried one of these secure keys and can recommend one? :) Anyone tried to break them? :twisted:
I've tried the YubiKey Nano and found it to be quite programmable and full-featured on Linux. I can't testify to its usefulness on other platforms.

I also wrote this kernel module for it back in the day:
Permakey is a Linux kernel module that watches until a defined USB device is removed from your computer and then wipes your RAM, deletes selected files, and turns off your computer.