
Show HN: A secure, open source U2F token you can make with $4.5 worth of parts - conorpp
https://github.com/conorpp/u2f-zero
======
devy
The author, Connor Patrick's personal site has a "looking for work" page[1].
It reads:

    
    
        I want to work on projects that do good. 
        I don’t want to work on projects regarding surveilance 
        or the weaking of existing cryptosystems.
    

Way to go Connor!

[1]: [https://conorpp.com/work/](https://conorpp.com/work/)

~~~
fasteo
>>> I’m currently looking for work in the U.S. government.

A crypto work in the goverment not related with surveilance - directly or not-
seems difficult to find.

Or am I missing something ?

~~~
dsl
Vast parts of the NSA are full of good people doing good work.

The Information Assurance Directorate is advancing the state of the art in
cryptography and is leading the charge in developing quantum-resistant
algorithms.

([https://www.iad.gov/iad/library/ia-guidance/ia-solutions-
for...](https://www.iad.gov/iad/library/ia-guidance/ia-solutions-for-
classified/algorithm-guidance/cnsa-suite-and-quantum-computing-faq.cfm))

------
CJKinni
My barrier to entry with a lot of DIY hardware projects was an incorrect
assumption that it was difficult/expensive to get PCBs made. Looking into
this, I found the blog of the guy running this project and he had some
experience with various cheap PCB vendors, with stencils going as low as $18.
[1]

[1]: [https://conorpp.com/2016/03/13/my-experience-with-
dirtypcbsc...](https://conorpp.com/2016/03/13/my-experience-with-
dirtypcbscom/)

~~~
tomkinstinch
In addition to the vendors you mention via that link, OSH Park[1] is great
option for hobbyists (or very small-volume production). This is the same
source listed in OP. It's a board pooling group that puts many small-run
orders on the same panel to economize on setup costs. OSH Park uses high-
quality US manufacturers to produce the boards (with tight tolerances,
silkscreen, soldermask, gold-flashed pads, etc.) I believe they used to use
Amitron outside Chicago, but I'm not sure if that's still the case. I've had
probably 300 boards made by them, and they've all been great.

In open source designs you can usually spot OSH Park boards by the distinctive
purple color. Seeed Studio and the other Asian budget board houses are a
decent economy option if you can get away with looser tolerances. OSH Park is
nice for compact designs because the gold-flashed pads are better for surface-
mount parts, since they aren't raised like traditional solder-painted pads.
Unlike most quickturn PCB fabs they don't bury you with options; the standard
options give you everything you need (ENIG, double mask+silk screen, either
2/4 layer, etc.). The OSH Park ordering wizard is a case study in how PCB
orders should be done (upload and a couple clicks, with a graphical preview),
and for the quality the price can't be beat. Because orders are pooled and
then separated before shipping out, it is slower.

You can use the free and open KiCad[2] software (again, what was used in OP;
tutorials[3,4]) to do schematic capture and board layout, have it generate
some gerber and drill files, and then order the boards for a few bucks from
OSH Park. KiCad won't do simulations like Altium or some of the other
commercial packages, but if you just want to take a schematic and make a board
it works fine. Definitely learn its hotkeys.

1\. [https://oshpark.com/](https://oshpark.com/)

2\. [http://kicad-pcb.org/](http://kicad-pcb.org/)

3\.
[http://teholabs.com/knowledge/kicad.html](http://teholabs.com/knowledge/kicad.html)

4\.
[http://store.curiousinventor.com/guides/kicad/](http://store.curiousinventor.com/guides/kicad/)

~~~
zaroth
This must be awesome for training and university settings, to have such low
cost options for learning the craft. Is it used much by startups / is it
bringing down the barrier to entry that much?

~~~
mplewis
Yes. Small startups that don't care too much about turnaround time love OSH
Park and Seeed Studio.

My last company did care about turn time but also wanted affordable boards.
They used PCB-Pool: [http://www.pcb-pool.com/ppus/index.html](http://www.pcb-
pool.com/ppus/index.html)

~~~
lsllc
OSH Park has an "expedited" fee with which you can get a ~5 day turnaround.

------
sowbug
Two comments on the circuit:

1\. If you're willing to add two more diodes, you can make the USB connector
two-sided so that it can plug in either way. See
[http://electronics.stackexchange.com/questions/209941/two-
si...](http://electronics.stackexchange.com/questions/209941/two-sided-
connectorless-usb-on-a-pcb) for explanation.

2\. The ALPS SKQGAKE010
([http://www.mouser.com/search/ProductDetail.aspx?R=0virtualke...](http://www.mouser.com/search/ProductDetail.aspx?R=0virtualkey0virtualkeySKQGAKE010))
is inexpensive and popular. It looks like it's lower-profile than the button
used in the current design, which means it'd be more likely to survive for a
long time in a pants pocket, jangling along with a bunch of keys.

~~~
conorpp
Thanks for the comments! I never thought of trying to do a reversible USB
connection. And it's actually quite easy!

The button you point out looks like a better choice. It's about 10 cents
cheaper than my current one. Currently sold out with 13 week lead time at
Mouser! Must be popular.

~~~
sowbug
Another version is this:
[http://www.mouser.com/Search/m_ProductDetail.aspx?R=SKQGADE0...](http://www.mouser.com/Search/m_ProductDetail.aspx?R=SKQGADE010virtualkey68800000virtualkey688-SKQGAD)

That one requires more force to press. It's also more expensive, but it's in
stock now. It has the same footprint, so it'd be good for prototyping.

------
Loic
I just hope the keys are not his home/office keys. Please do not secure the
access to your digital life with an U2F token and break the security of your
_real_ life by putting a picture of your keys in the open...

~~~
the_mitsuhiko
You should not be using low security keys for home and office in the first
place.

~~~
toomanybeersies
Plenty of people rent, and can't easily change the locks or add more locks to
the house.

Upon saying that, I've added extra locks (bedroom locks) to the past 2 houses
I've lived in, and the landlord had no issues, but that's student flats and
cheap landlords.

That's not to mention that it's a lot easier to just break a window than pick
a lock. I have never heard of a burglar breaking into a house by picking the
lock. The sort of people that burgle residential houses tend not to be the
sort of people with the skill, intelligence and finesse to pick locks.

~~~
JshWright
> That's not to mention that it's a lot easier to just break a window than
> pick a lock.

Or in the case of residential interior doors, lean on the door kinda hard...

------
amluto
Linux users should use cross-vendor U2F support rather than hardcoding device
ids into the udev rules:

[https://github.com/amluto/u2f-hidraw-
policy](https://github.com/amluto/u2f-hidraw-policy)

------
vog
I'm curious about the following statement in the README:

 _> The token is durable enough to survive on a key chain for years, even
after going through the wash._

On the other hand, the token is shown as "naked electronics", without a husk.

Is that really sufficient for such a device? Does it really withstand
(mineral) water, mechanical stress (key chain), let alone the combination of
both (washing)?

~~~
aexaey
It would absolutely _not_ survive for very long like this (naked PCB on a key-
chain). Mechanical damage from the actual keys on the same chain is what will
kill it before water, sweat, washing liquid, pocket lint or ESD do.

First things to fail will be ceramic capacitors torn/cracked and leads of
SSOP-20 package bent/shorted.

That said, it is trivial to protect the board from all of above - just wrap it
(except USB connector) with insulating tape or better yet, cover with silicone
putty, or similar.

~~~
jacquesm
Cast in epoxy. Cheap and quite durable.

~~~
StavrosK
Do you have any information on what you need to buy and how it works? Do you
need a hot air station?

~~~
jacquesm
It's just a base + a hardener, mix and cast. Make sure you protect switches
and connectors before casting. The reaction is exothermal, if you cast larger
volumes you may need to cool the whole thing to avoid trouble (such as fire).

~~~
StavrosK
That sounds easy enough, thanks!

~~~
jacquesm
[http://www.polyservice.nl/PU-Giethars-
PS-115-p-16232.html](http://www.polyservice.nl/PU-Giethars-
PS-115-p-16232.html)

(In dutch, sorry, but you'll be able to find similar stuff all over the world)

------
xaduha
Haven't tried it yet, but there is this for smartcards. Not sure if it will
work with blank java cards, I mean they provide the cap file and source.

[https://github.com/LedgerHQ/ledger-u2f-javacard](https://github.com/LedgerHQ/ledger-u2f-javacard)

------
zxcvgm
Nice! I initially wanted to build a similar device using just an ATtiny85 that
speaks USB using USBtiny [1] or V-USB [2]. It would be low-cost but also not
secure. Using a crypto processor like the ATECC508A is obviously a saner
choice.

[1]
[http://dicks.home.xs4all.nl/avr/usbtiny/](http://dicks.home.xs4all.nl/avr/usbtiny/)
[2]
[https://www.obdev.at/products/vusb/index.html](https://www.obdev.at/products/vusb/index.html)

~~~
conorpp
As the ATECC508A is just an I2C peripheral you still have a broad choice for
microcontrollers (as you still need a U2F program and U2F).

I choose to use a EFMUB1 from silicon labs.

------
badsock
This project is awesome, but I'd be worried about my hand brushing up against
all that lead every day for years. Or am I being too paranoid? In any case,
easily solved with some casting epoxy.

~~~
kbaker
There is a 3d-printable case included in the repo!

[https://github.com/conorpp/u2f-zero/blob/master/hardware/cas...](https://github.com/conorpp/u2f-zero/blob/master/hardware/case/u2f-zero-
case%20.stl)

~~~
sleepychu
TIL Github has an STL preview viewer.

------
cwkoss
Very cool! Has anyone published any work on using sidechannel information to
extract keys from U2F tokens?

~~~
conorpp
Yes. There is [1] which is on Yubikey OTP specifically.

And on a lot more that focus on general embedded platforms running common
cryptographic algorithms. U2F uses elliptic curve cryptography (ECC)
internally -- check out this source for DPA on ECC [2].

[1]
[http://link.springer.com/chapter/10.1007/978-3-642-41284-4_1...](http://link.springer.com/chapter/10.1007/978-3-642-41284-4_11)

[2]
[http://saluc.engr.uconn.edu/refs/sidechannel/](http://saluc.engr.uconn.edu/refs/sidechannel/)

------
cdnsteve
U2F seems great. I've just started using it and am looking for a device. Maybe
now I'll build my own! His article on accelerating a program with hardware was
a great read too. [https://conorpp.com/2015/12/16/how-to-accelerate-a-
program-w...](https://conorpp.com/2015/12/16/how-to-accelerate-a-program-with-
hardware/)

~~~
camiller
I use this $6 one.

[https://www.amazon.com/gp/product/B00OGPO3ZS](https://www.amazon.com/gp/product/B00OGPO3ZS)

which I can confirm works with google account, github, dropbox. It is a
buttonless design that activates upon insertion.

While an interesting idea, the $4.50 board + $3 in smt parts equates to a 25%
cost increase vs. the cheap one above, assuming you already have the
tools/programmer. Long term durability of the one I linked is still in
question, I've been using it since about Jan 1.

------
sowbug
Here is a shared Mouser project list with the eight parts:
[http://www.mouser.com/ProjectManager/ProjectDetail.aspx?Acce...](http://www.mouser.com/ProjectManager/ProjectDetail.aspx?AccessID=ec674f0a7f)

I haven't carefully checked that the part numbers are equivalent. If you find
an error, please let me know.

------
amluto
This is neat!

Is there also source for the firmware that runs on the secure element?

~~~
conorpp
No it is purely a hardware peripheral that just has configuration options.

[http://www.atmel.com/Images/Atmel-8923S-CryptoAuth-
ATECC508A...](http://www.atmel.com/Images/Atmel-8923S-CryptoAuth-
ATECC508A-Datasheet-Summary.pdf)

~~~
lucaspiller
What does this do that can't be done with a generic AVR chip? If you set the
correct lock flags the memory and firmware can't be read or changed without a
complete erase:

[http://electronics.stackexchange.com/questions/53282/protect...](http://electronics.stackexchange.com/questions/53282/protecting-
avr-flash-from-reading-through-isp)

~~~
iuguy
The crypto involved in U2F is extremely hard to do in an AVR. There are issues
with sources of randomness (I'm currently playing with implementing entropy
via Watchdog Timer jitter on the ATTiny85, which appears suitably random but
is slow), and the capabilities of the devices themselves to produce output at
reasonable speeds.

A slower Cortex M0 might not be sufficient to get decent speeds, but I suspect
an M3, something like an AT91 could do the job.

------
rajeemcariazo
I didn't know github also supports 3d models with visualization

~~~
Etheryte
For those confused, see
[https://github.com/conorpp/u2f-zero/commit/dd71758a](https://github.com/conorpp/u2f-zero/commit/dd71758a)

~~~
sleepychu
Is that green because it supports difs?!

~~~
the_mitsuhiko
Yes: [https://github.com/blog/1633-3d-file-
diffs](https://github.com/blog/1633-3d-file-diffs)

~~~
sanderp
Holy crap. That's awesome!

------
arviewer
The programmer link is not working.

> The page isn't redirecting properly

[http://www.digikey.com/product-detail/en/silicon-
labs/DEBUGA...](http://www.digikey.com/product-detail/en/silicon-
labs/DEBUGADPTR1-USB/336-1182-ND/807653)

------
zaroth
Is there anything written on why this is a valid choice for improving op-sec
versus going with a commercial offering?

Open source made from parts seems like it would be very much under your own
control. But it is also... _bespoke_. Which raises a different threat model,
doesn't it?

~~~
pjc50
Bespoke solutions generally require bespoke attacks. If you're targeted as an
individual by a state-level bespoke attack, you're going to lose regardless.

U2F defends you effectively against phishing and keyloggers, which are a
widespread problem.

------
StavrosK
This looks fantastic, and doubly so because it uses KiCAD, which I love.

------
tinloaf
As far as I understood the U2F standard, the dongles need a FIDO-issued
manufacturer key. Do sites accepting U2F just not check that the corresponding
signature is present?

~~~
tinloaf
Addendum: See page 14 of the specs overview:
[https://fidoalliance.org/specs/fido-u2f-overview-v1.0-rd-201...](https://fidoalliance.org/specs/fido-u2f-overview-v1.0-rd-20140209.pdf)

------
tomohawk
I really like the idea of using a token like this, but how do you back up the
data if the key is not copyable?

~~~
beagle3
That's the idea. You don't.

Either you generate the key some other way and write it into the device (but
it cannot be read again), and backup the original; or you generate it on the
device and do NOT back it up - instead you make a back-up key, and authorize
both keys rather than just one.

I don't know if this supports external key. YubiKey does.

------
a3r0
This page seems to instantly crash the tab for me in Chrome

------
sleepychu
Optimised for style XD

