floppy-driver-rs VS OpenSK

Interesting and fun project! I found the MFM encoding page particularly enlightening as it explained why you have to write a full sector at a time on a floppy, even though there's nothing physically constraining you to that so far as I could see on the electromechanical/hardware side of things.

And on that page the "make sure the compiler didn't inject 10,000 lines of boundary checks" bit told me everything I needed to know about what language the project was written in :lol: - here's the link to the driver: https://github.com/SharpCoder/floppy-driver-rs

I'm glad to see the Teensy continuing to get love; I adopted it back when it was at v1 and v2 as it was just such a complete no-brainer of a better choice than the Arduino stack everyone was using back then. I think now there's even an Arduino-on-Teensy software stack, but I've moved to just using STM32 directly and have greatly enjoyed coding for that target in rust.

Head on over to the https://floppy.cafe if you want to learn everything about how these ancient disks work. I spent the last few months bit-banging a device from the 90s and documenting my process. Hopefully this information proves useful to somebody. Aliens, technoarcheologists, retro computing geeks? I'm not sure who my target audience is, but it was a lot of fun to throw this together and I hope you can enjoy my little slice of the 90s!

Head on over to the floppy cafe, if you want to learn more! https://floppy.cafe/ and here's my github repo with the full source for my project: https://github.com/SharpCoder/floppy-driver-rs

https://github.com/google/OpenSK works, it runs on something like this $15 board. Could do with a case though.

https://www.nordicsemi.com/About-us/BuyOnline?search_token=n...

There are a huge number of other vendors supporting Webauthn apart from Yubikey. (From the top of my head Nitrokey, Solo, Tomu, Mooltipass, Ledger, Trezor, Google Titan, OnlyKey, Token2).

You could also use the system TPM (https://github.com/psanford/tpm-fido).

A brief search didn't yield any FIDO2 software-only solutions for Linux, but I see no reason why in principle you couldn't implement it (perhaps interfacing https://github.com/google/OpenSK through hidg - similar projects do exist for U2F).

Cloudflare does, using a security key not found in the FIDO Metadata Service will unfortunately not work. This precludes the use of any hacker-friendly solution (making your own).

> Supported: All security keys found in the FIDO Metadata Service 3.0, unless they have been revoked for security reasons.

https://support.cloudflare.com/hc/en-us/articles/44068890480...

Attestation keys, as they're currently used, aren't very "privacy friendly" and it's much worse for those who wish to create their own key.

> Usually, the attestation private key is shared between a batch of at least 100,000 security keys of the same model. If you build your own OpenSK, your private key is unique to you. This makes you identifiable across registrations: Two websites could collaborate to track if registrations were attested with the same key material. If you use OpenSK beyond experimentation, please consider carefully if you want to take this privacy risk.

https://github.com/google/OpenSK/blob/f2496a8e6d71a4e8388849...

There are a number of FOSS solutions.

- https://github.com/google/OpenSK <- DIY solution

- https://solokeys.com/

- https://www.nitrokey.com/

The issue with any FOSS solution is that FIDO requires an attestation private key which is shared between a batch of at least 100,000 security keys. Using a DIY or cli app (application running on the host) solution will likely mean you'll be generating that private key yourself, this makes you identifiable across registrations.

I'm not sure what you're replying to--this scheme is much closer to self-signed X509 client certs, not FIDO. But regarding FIDO, it does not prevent user-controlled hardware; it's up to RPs to choose if they require specific device manufacturers or not.

In my experience, the vast majority of (consumer) RPs do not require specific batch attestation, which is why you can make your own FIDO key: https://github.com/google/OpenSK.

I am under the impression support for attestation was controversial in FIDO--it's clearly useful for enterprise scenarios (e.g. where an enterprise requires some silly certification like FIPS: https://support.yubico.com/hc/en-us/articles/360016614760-Ac...), but there's always the risk that consumer-facing RPs require it for no good reason.

My employer requires FIPS certification due to FedRAMP; I'd be interested in how you would propose to change FIDO such that--as now--I can use a single key for work and for all my consumer needs while eliminating attestation.