Comments (6)
Dmitry's solution is clever.
Actually if the old key got reflashed, it would no longer have the old key material on it. So it would be useless. Assuming the flash on the keys was locked properly.
An interesting thing to discuss is how to handle duplicate provisioning. For Solo, the key is randomly generated on the device. If we want to have duplicates, there needs to be a way for an external key to be written instead. Should this write-only option for the key material always be present on Solo? Also the counter parameter needs to be configurable and lockable.
from solo1.
There is nothing that prevents an attacker that got physical access to your key to reflash a new firmware that has an even higher boost value than the backup key to re-enable that key, though?
But that is not the main concern here anyway, I guess.
from solo1.
> There is nothing that prevents an attacker that got physical access to your key to reflash a new firmware that has an even higher boost value than the backup key to re-enable that key, though?
I guess.
> But that is not the main concern here anyway, I guess.
I guess not.
:)
from solo1.
Hi! Is there any update on implementing this idea? I will start playing around with u2f zero until then.
from solo1.
You can just modify the firmware and add a command to load/save the whole memory.
But it's totally insecure...
Maybe it needs something like a key sharing system, like in Gemalto SafeNet HSM. It can be done, but it is very hard to do for a small amount of money)
from solo1.
It seems that the only U2F device with backup functionality is https://trezor.io/.
Info about U2F: https://wiki.trezor.io/U2F
Info about Backup: https://wiki.trezor.io/Recovery_seed
Are there any other devices?
from solo1.