Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
OpenSK
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
-
tillitis-key1
Board designs, FPGA verilog, firmware for TKey, the flexible and open USB security key 🔑
-
nitrokey-fido2-firmware
FIDO2 USB token optimized for security, extensibility, and style. A fork of Solo key.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
The idea of authenticator hardware is inherently hostile to DIY and open source because you cannot produce or extract a keypair to generate valid attestation statements. Unless you are part of the cartel of course.
https://w3c.github.io/webauthn/#attestation-statement
https://github.com/google/OpenSK works, it runs on something like this $15 board. Could do with a case though.
https://www.nordicsemi.com/About-us/BuyOnline?search_token=n...
No, not yet. Physical attacks are out of scope for the TKey1, even if we have some mechanisms in play which try to extend the time and effort required to perform a successful evil maid-attack extracting the Unique Device Secret (UDS). See the threat model for the release:
https://github.com/tillitis/tillitis-key1/blob/main/doc/thre...
The current casing is fairly tamper evident (it will break), but we do not yet use real, tamper evident sealing. We are looking at tamper sealing for future versions. And ways to further protect against physical attacks.