On Apr 14, 2016, at 2:36 AM, stef <[email protected]> wrote: > On Tue, Apr 12, 2016 at 08:12:52PM -0700, Tony Arcieri wrote: >> On Tue, Apr 12, 2016 at 7:26 PM, Ron Garret <[email protected]> wrote: >> Well, that's true, but it's also hundreds of times bigger than a token in >> the Yubikey "nano" form factor, which is actually convenient to keep >> permanently in the USB slot of a laptop. Your physical design seems pretty >> unwieldy for laptops (see also Yubico's keychain designs). >> >> Yubikey "nano" factor tokens like the NEO-n have also supported more >> general purposes than a U2F token (e.g. CCID interface, OpenPGP applets, >> see also PIV) >> >> I swear I'm not a paid shill for Yubico, but I'm a fan of small >> display-free hardware tokens. While a token like what you've built might >> provide Maximum Security under pessimistic threat models, its large size >> makes it look rather inconvenient to me. > > coincidentally i'm hacking on a similar device for quite some time. and while > one of my design goals was to have my keys always on me, even in the sauna.
As long as you don’t actually want to *use* it in the sauna you could take the SC4-HSM with you, but you’d probably want to put it in a ziploc bag. > there's another hard requirement, which is kinda conflicting with having a > device so small to always keep it in the usb plugged. this requirement is to > have the unlocking of the key material depend only on the usb device not on > the usb host. If you were to implement a pass phrase to lock the SC4-HSM (the current firmware doesn’t support this but it’s easy to add this feature), that pass phrase would not depend on the host. You’d use it (via a KDF) to encrypt/decrypt the secret keys stored on the device. > if i have to enter my password to unlock the keys on the pc, any > finfisher/hackingteam malware can duplicate my password and use it itself. That’s true. But your attacker would *also* need to get *physical* access for the password to do them any good. Also, if you were being super-duper paranoid, you could always dedicate a host device for this purpose and keep it air-gapped. > so the i need some kind of passphrase entry on the device. and with this > requirement the UX actually favors bigger designs, with displays. The display is actually not the limiting factor on size as much as the input device is. I don’t know of any way to add a high-bit-width input device to a device this size. The SC4-HSM has two push-buttons, and if you really wanted to you *could* use those to enter a PIN of some kind, but it would be a UI/UX nightmare so I wouldn’t advocate it. > i also understand that a small device in a usb slot is nice, but it also > encourages continuous contact between the keystore and an untrusted device. i > rather unplug my keystore when it's not needed. I’m not sure I understand this. It’s easy to unplug any USB device when it’s not in use. What would be the alternative? > as a shameless plug, my designs are already in production, and will available > in small quantities this summer. Cool! What is it called? How can I get one? rg _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
