nitrokey-fido2-firmware
tillitis-key1
| nitrokey-fido2-firmware | tillitis-key1 | |
|---|---|---|
| 24 | 9 | |
| 52 | 379 | |
| - | -0.3% | |
| 0.0 | 8.5 | |
| about 1 year ago | 18 days ago | |
| C | Verilog | |
| GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nitrokey-fido2-firmware
-
Since our phones and devices are the forefront of these Gangstalking abuses:
Ever thought of using something like https://www.nitrokey.com/ or Blackphone? Remove your mics and cameras
-
YubiKey with Storage
Yes, Nitrokey.
-
Which 2FA app do you use?
KeePassXC mostly; andOTP when I don't have my laptop with me. Recently got my Nitrokey, which works great as well. Has both USB-C as well as NFC, so that might be the more convenient alternative to andOTP in the future.
- NitroKey – Protects emails, files, hard drives, server certificates and accounts
- Is there a good hardware authenticator that ships from the us? (It must be completely free/libre)
- Thetis, Yubikey, Solokey, Nitrokey, Onlykey, etc. Differences and Compatability?
- Yubico is merging with ACQ Bure and intends to go public
-
Can you import your own FIDO2 private keys?
Other FIDO2 devices allow the firmware to be rewritten but Yubico does not allow such changes. I prefer Yubico's approach so we have better assurance of validity. https://github.com/Nitrokey/nitrokey-fido2-firmware
- The Blue Is Gone
-
Passwort Manager
Bitwarden plus 2FA (z.B. YubiKey, Nitrokey) 🔐🦾
tillitis-key1
- Tillitis TKey version TK1-24.03 Bellatrix has been released
-
Fixing the TPM: Hardware Security Modules Done Right
Having a look at their documented threat model: https://github.com/tillitis/tillitis-key1/blob/main/doc/thre...
I love this particular detail, listed under Assumptions:
> The end user is not an attacker. The end user at least doesn't knowingly aid the attacker in attacks on their device.
I love this, it's exactly what I want from a HSM device. However, sadly, most vendors today deploy TPMs in such a way that the end-user is an attacker (see: Google SafetyNet) - and the TKey is kinda incompatible with that, I suppose.
-
Is there a good hardware authenticator that ships from the us? (It must be completely free/libre)
I'm not sure if they are publicly available yet by tillitis may be what you're looking for.
-
Yubico is merging with ACQ Bure and intends to go public
No, not yet. Physical attacks are out of scope for the TKey1, even if we have some mechanisms in play which try to extend the time and effort required to perform a successful evil maid-attack extracting the Unique Device Secret (UDS). See the threat model for the release:
https://github.com/tillitis/tillitis-key1/blob/main/doc/thre...
The current casing is fairly tamper evident (it will break), but we do not yet use real, tamper evident sealing. We are looking at tamper sealing for future versions. And ways to further protect against physical attacks.
-
How to Yubikey: A Configuration Cheatsheet
Mullvad VPN has announced that they are working on the "Tillitis"[1] key and it looks like it's releasing pretty soon (2023-03-23).
From the website:
>The TKey™ is a new kind of USB security key inspired by measured boot and DICE.
>TKey™s design encourages developers to experiment with new security key applications and models in a way that makes adoption easier and less risky forend-users.
>TKey™ is and always will be open source hardware and software. Schematics, PCB design and FPGA design source as well as all software source code can be found on GitHub.
[1]: https://www.tillitis.se/ -- also "tillit" is Swedish for "trust"
-
OneRNG – Open Hardware Random Number Generator
Given a suitable app, the Tillitis Key 1 works as a RNG. I have written a first version, and will release one in the public app repository in a week or so.
https://github.com/tillitis/tillitis-key1
https://github.com/tillitis/tillitis-key1-apps
-
Mullvad Creates a Hardware Company
No, the integrity is within the device. You load the small (64k) apps onto the key and the content of the apps with the unique key for the device can be used by the app to perform cryptography and their integrity can be audited. This is similar to JavaCard with cryptographic integrity of the applets. Read more at: https://github.com/tillitis/tillitis-key1/blob/main/doc/syst...
What are some alternatives?
nodemcu-firmware - Lua based interactive firmware for ESP8266, ESP8285 and ESP32
yubikey-provisioning-scripts - A set of scripts to automate the provisioning of yubikey's openPGP applet.They set up your yubikey for git commit signing and SSH so you don't have to!
goodix-fp-dump - All our work to make Goodix fingerprint sensors work on Linux. Thanks to @markusressel and @PJungkamp for sponsoring.
solo1 - Solo 1 firmware in C
russhian-roulette - 1/6 chance of posting your SSH private key on pastebin :)
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
tkey-ssh-agent - SSH Agent for TKey, the flexible open hardware/software USB security key 🔑
win-gpg-agent - [DEPRECATED] Windows helpers for GnuPG tools suite
TPMGenie - TPM Genie is an I2C bus interposer for discrete Trusted Platform Modules
Tasmota - Alternative firmware for ESP8266 and ESP32 based devices with easy configuration using webUI, OTA updates, automation using timers or rules, expandability and entirely local control over MQTT, HTTP, Serial or KNX. Full documentation at
untwister - Seed recovery tool for PRNGs