OpenSK
hn-search
OpenSK | hn-search | |
---|---|---|
12 | 1,627 | |
2,904 | 524 | |
1.4% | 0.2% | |
6.3 | 2.9 | |
4 days ago | 6 months ago | |
Rust | TypeScript | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenSK
- OpenSK – open-source implementation for security keys written in Rust
-
Yubico is merging with ACQ Bure and intends to go public
https://github.com/google/OpenSK works, it runs on something like this $15 board. Could do with a case though.
https://www.nordicsemi.com/About-us/BuyOnline?search_token=n...
- How to Yubikey: A Configuration Cheatsheet
- Make Custom Yubikey
-
WebAuthn, and Only WebAuthn
There are a huge number of other vendors supporting Webauthn apart from Yubikey. (From the top of my head Nitrokey, Solo, Tomu, Mooltipass, Ledger, Trezor, Google Titan, OnlyKey, Token2).
You could also use the system TPM (https://github.com/psanford/tpm-fido).
A brief search didn't yield any FIDO2 software-only solutions for Linux, but I see no reason why in principle you couldn't implement it (perhaps interfacing https://github.com/google/OpenSK through hidg - similar projects do exist for U2F).
-
Apple, Google, and Microsoft commit to expanded support for FIDO standard
Cloudflare does, using a security key not found in the FIDO Metadata Service will unfortunately not work. This precludes the use of any hacker-friendly solution (making your own).
> Supported: All security keys found in the FIDO Metadata Service 3.0, unless they have been revoked for security reasons.
https://support.cloudflare.com/hc/en-us/articles/44068890480...
Attestation keys, as they're currently used, aren't very "privacy friendly" and it's much worse for those who wish to create their own key.
> Usually, the attestation private key is shared between a batch of at least 100,000 security keys of the same model. If you build your own OpenSK, your private key is unique to you. This makes you identifiable across registrations: Two websites could collaborate to track if registrations were attested with the same key material. If you use OpenSK beyond experimentation, please consider carefully if you want to take this privacy risk.
https://github.com/google/OpenSK/blob/f2496a8e6d71a4e8388849...
-
Phone May Soon Replace Many of Your Passwords
There are a number of FOSS solutions.
- https://github.com/google/OpenSK <- DIY solution
- https://solokeys.com/
- https://www.nitrokey.com/
The issue with any FOSS solution is that FIDO requires an attestation private key which is shared between a batch of at least 100,000 security keys. Using a DIY or cli app (application running on the host) solution will likely mean you'll be generating that private key yourself, this makes you identifiable across registrations.
- Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
-
Login with a Public Ed25519 Key
I'm not sure what you're replying to--this scheme is much closer to self-signed X509 client certs, not FIDO. But regarding FIDO, it does not prevent user-controlled hardware; it's up to RPs to choose if they require specific device manufacturers or not.
In my experience, the vast majority of (consumer) RPs do not require specific batch attestation, which is why you can make your own FIDO key: https://github.com/google/OpenSK.
I am under the impression support for attestation was controversial in FIDO--it's clearly useful for enterprise scenarios (e.g. where an enterprise requires some silly certification like FIPS: https://support.yubico.com/hc/en-us/articles/360016614760-Ac...), but there's always the risk that consumer-facing RPs require it for no good reason.
My employer requires FIPS certification due to FedRAMP; I'd be interested in how you would propose to change FIDO such that--as now--I can use a single key for work and for all my consumer needs while eliminating attestation.
- I read the federal government’s Zero-Trust Memo so you don’t have to
hn-search
-
Louis Rossmann: YouTube's Legal Team sent me a letter [video]
If you see a post that ought to have been moderated but hasn't been, the likeliest explanation is that we didn't see it. You can help by flagging it or emailing us at [email protected].
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
-
An Oil Price-Fixing Conspiracy Caused 27% of All Inflation in 2021
Ok, but please don't post unsubstantive comments to Hacker News.
I understand the reason for repeating these sentiments—it's the same reason why they get upvoted to the top of threads*—but repetition of this kind is what we're most trying to avoid here.
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
https://news.ycombinator.com/newsguidelines.html
* I've marked this one off topic now.
-
Validating app for manufacturers enhancing process reliability and efficiency
I was looking for it in the guidelines. There are a couple of conventions for postings. Consider a bit of prior examples: [https://hn.algolia.com/?q=show+hn]
-
Show HN: Hacker Search – A semantic search engine for Hacker News
yeah there are only three stories coming up from the site search
https://hn.algolia.com/?q=postgres+clustering
only one is semanthically correct, the other pick up the wrong version of clustering (i.e. k-means instead of multi master writes)
but yeah if one doesn't test the hard cases, how does one know it preserves semantics :D
- Longevity of Recordable CDs, DVDs and Blu-Rays
-
The Scientific Method Part 5: Illusions, Delusions, and Dreams
Like dismissing the work of Feyerabend or Wittgenstein without seemingly having read either:
https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=tr...
-
Any Google Analytics Alternatives?
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
-
Russian GRU was behind the attack in Vrbětice, NCOZ confirms
If it's not [flagged], there's no flagging and hence also no flagging ring. baybal2 has been banned on and off for years now https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
-
Gary Killdall, creator of CP/M, wrote Pixar's original 3D renderer [pdf]
The submitted title was "Gary Killdall, creator of CP/M, wrote Pixar's original 3D renderer".
Submitters: If you want to say what you think is important about an article, that's fine, but do it by adding a comment to the thread. Then your view will be on a level playing field with everyone else's: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
(From https://news.ycombinator.com/newsguidelines.html: "Please use the original title, unless it is misleading or linkbait; don't editorialize.")
-
Nearsightedness is at epidemic levels – and the problem begins in childhood
Vision therapy for myopia helps some people, but not everyone, likely due to genetic and neuroplasticity differences, https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu.... Nevertheless, many of the principles are useful for children whose eyes and brains are still developing.
What are some alternatives?
nrf52-u2f - An Open-Source FIDO U2F implementation on nRF52 SoC
duckduckgo-locales - Translation files for <a href="https://duckduckgo.com"> </a>
keyberon - A rust crate to create a pure rust keyboard firmware.
v - Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. Supports automatic C => V translation. https://vlang.io
solo1 - Solo 1 firmware in C
parser - 📜 Extract meaningful content from the chaos of a web page
rust-u2f - U2F security token emulator written in Rust
readability - A standalone version of the readability lib
libfido2 - Provides library functionality for FIDO2, including communication with a device over USB or NFC.
yq - Command-line YAML, XML, TOML processor - jq wrapper for YAML/XML/TOML documents
smoltcp - a smol tcp/ip stack
milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.