software-feature: primary u2f-token invalidating backup about solo1 HOT 6 OPEN

Dmitry's solution is clever.

Actually if the old key got reflashed, it would no longer have the old key material on it. So it would be useless. Assuming the flash on the keys was locked properly.

An interesting thing to discuss is how to handle duplicate provisioning. For Solo, the key is randomly generated on the device. If we want to have duplicates, there needs to be a way for an external key to be written instead. Should this write-only option for the key material always be present on Solo? Also the counter parameter needs to be configurable and lockable.

from solo1.

There is nothing that prevents an attacker that got physical access to your key to reflash a new firmware that has an even higher boost value than the backup key to re-enable that key, though?

But that is not the main concern here anyway, i guess.

from solo1.

There is nothing that prevents an attacker that got physical access to your key to reflash a new firmware that has an even higher boost value than the backup key to re-enable that key, though?

I guess.

But that is not the main concern here anyway, i guess.

I guess not.

:)

from solo1.

Hi! is there any update on implementing this idea? I will start playing around with u2f zero until then.

from solo1.

You can just modify firmware and add command to load/save whole memory .
but it totally insecure....

maybe needs to create something like key sharing system like in Gemalto SafeNet HSM, it can be done but it very hard to do for small amount of money)

from solo1.

It seems that the only U2F device with backup functionality is https://trezor.io/.
Infos about U2F: https://wiki.trezor.io/U2F
Infos about Backup: https://wiki.trezor.io/Recovery_seed
Are there any other devices?

from solo1.