
Krypt.co raises 1.2M to securely store your SSH private key on your phone - jlrubin
https://techcrunch.com/2017/06/05/krypt-co-scores-a-1-2-m-seed-round-to-simplify-developer-encryption-key-security/
======
gruez
It's 1.2M for an app that doesn't meaningfully increase security. Let's
suppose this thing gets somewhat popular. Now malware will detect the presence
of this app, wait until a legitimate request gets initiated, and piggy back
off that. You approve the request, the malware logs into your servers/repos,
does whatever evil thing it needs to do, let the original app do its thing,
and you're none the wiser.

~~~
arghwhat
You'd have to elaborate a bit on your theoretical attack here.

1\. A request and its signed response can only be used for a specific login
attempt by SSH design.

2\. The app, through some nasty hacks, receive the host auth blob from the
server to verify. If you skip this, the request will be labelled as from
"unknown" to "warn" the user. Such request are never auto-accepted during
"accept for 1h" periods.

3\. The app has an internal known hosts list, so it denies attempts to just
replicate hostname to trick the user.

4\. The app has to be paired with each machine that can authenticate, or the
key material must be stolen off a paired machine. "Timed" acceptance is per
pairing basis, so abuse of that only works if you steal the right pairing. The
app shows the name of the pairing when requesting approval.

If you want to trick the user to accept your request by firing it
simultaneously with a legitimate one, you first have to steal pairing data
from the machine the user is logging in from. Then, you'd either have to auth
against the very same host as the user, or have the request say that the host
is unknown (sticks out, seeing that the legitimate request is also there).
There would also be two requests in a row, which might warn the user.

The other attack vector I can think of would be trying to accept a random
request done by an attacker, either by tricking the user (clickjacking-style)
or by using an exploit on the device.

A yubikey-like device with a screen displaying request information and a
hardware approval method would be better than an arbitrary android device, but
I would argue that the model presented by this piece of software isn't as bad
as you make it sound.

~~~
baldfat
> s yet, there are no known exploitable vulnerabilities in SSH2, though
> information leaked by Edward Snowden in 2013 suggests the National Security
> Agency may be able to decrypt some SSH traffic.
> [http://searchsecurity.techtarget.com/definition/Secure-
> Shell](http://searchsecurity.techtarget.com/definition/Secure-Shell)

I really don't understand how people continue to state wrong information about
ssh. Is it because of Heart Bleed? SSH is 22 years old and is still a solid
tool. The only bad thing about ssh is key management which this company is
addressing.

~~~
fidget
There are other bad things about ssh. Tofu sucks balls and ssh users are far
too comfortable with it.

~~~
voltagex_
Had to look it up.
[https://en.wikipedia.org/wiki/Trust_on_first_use](https://en.wikipedia.org/wiki/Trust_on_first_use)

What would you replace it with?

~~~
transitorykris
Signed keys. Here's an example of how to do it from Digital Ocean:
[https://www.digitalocean.com/community/tutorials/how-to-
crea...](https://www.digitalocean.com/community/tutorials/how-to-create-an-
ssh-ca-to-validate-hosts-and-clients-with-ubuntu)

------
dmitrygr
Very professional code there .... [https://github.com/kryptco/kryptonite-
android/blob/master/ap...](https://github.com/kryptco/kryptonite-
android/blob/master/app/src/main/cpp/native-lib.cpp)

Cannot wait to trust these guys with my ssh key!

/s

~~~
paulddraper
Huh? What's wrong?

~~~
Woofles
I think that file is just clearly unnecessary and it just shows sloppy project
management to leave a file like that in a production (open source) codebase.

------
floatboth
Never thought I'd see "raises 1.2M" and "SSH private key" in one sentence.

What would they even do with this money?

~~~
_wmd
Hire 3 good people for 18 months, spend $200k on marketing

~~~
homakov
I really want more details on marketing side. 200k on G Adsense? Paid posts?
Pitching? Maybe some short blog post on how to promote a product?

------
bhhaskin
Why on earth would I want my ssh keys on a device that is almost always
connected to the internet if security is a major concern? A Yubikey (hardware
based key) is by far the best solution.

~~~
floatboth
Your desktop is also always connected to the internet (unless you're have very
very high security requirements). And your desktop probably runs way more
untrusted code with less sandboxing. Of course a hardware key is more secure,
but this seems like a meaningful improvement over normal key files.

------
victor9000
Am I the only one around here who wants to keep their private keys private?

~~~
michaelmior
No. Your private keys are still private when using Kryptonite.

------
ovao
I've been using Kryptonite a little bit and generally I'd say it's been a
pretty pleasant experience. While I personally haven't spent much time
weighing the pros and cons from a security perspective (and I'm not a security
expert, so in all likelihood I'm not in a position to give a fair evaluation
of it), from an overall user experience perspective these guys have done a
really solid job.

If I have any gripe it's that, when using with Git, Visual Studio Code's Git
autofetch feature winds up causing Kryptonite to issue a push notification to
my phone every couple of minutes after first authorizing for three hours, with
no way to granularly suppress notifications. That's really kind of the point
of Kryptonite, obviously, but it's possible there's a better solution for this
on Kryptonite's end that wouldn't require any contortions from users.

------
jbb67
How does this work if you lose or break your phone? I know several people who
use 2FA apps on their phones to log onto services and whose phones broke and
they couldn't log on. While there is usually some way to recover your logon
I'd argue that for most people and uses the chances of
losing/breaking/replacing their phone and having to go through a painful
recovery process outweigh the security advantages.

~~~
michaelmior
From their FAQ:

> What happens if I lose my phone? > First make sure you remove the old SSH
> public key from any of your accounts. Once you have Kryptonite installed on
> your new phone, add the new public key to the accounts you were using SSH
> with before.

So basically you'd need to have an alternative method of authentication to be
able to add the new public key (and remove the lost one).

------
PokeAcer
Any Windows support? YubiKey's advantage (Aswell as the fact that it's
designed for keystorage, and malware can now just target Android and can
automatically approve it themselves) is that it works crossplatform; I can use
a YubiKey (when I can afford one) with PuTTY - there seems to be no way to do
this.

~~~
4kevinking
We currently support Bash on Ubuntu on Windows, but PuTTY/Cygwin support is
further off.

A code execution exploit on your Android phone would result in being able to
approve automatically, but without Kryptonite, a trojan in _any_ of the apps
on your computer could steal your SSH key and use it unhindered, like what
recently happened to Handbrake [[https://threatpost.com/handbrake-for-mac-
compromised-with-pr...](https://threatpost.com/handbrake-for-mac-compromised-
with-proton-spyware/125518/)]

------
madamelic
This sounds like a neat idea but I have to agree with gruez that this is a
disaster waiting to happen.

I carry my KeePassX DB on my phone and know it is slightly safer than typical
cloud providers because it isn't actively being targeted.

That said, I would try this out.

~~~
jopsen
An yubikey is certainly better and simpler.

Maybe if modern phones have special hardware features where key material can
be stored, so that it can't be duplicated.

~~~
iancarroll
Reposting my comment:

The iPhone has a secure enclave that does elliptic curve key generation and
signing[0] (the key obviously cannot be exported). I'd be surprised if they do
not implement that soon; it's not terribly difficult[1].

[0]
[https://twitter.com/iangcarroll/status/830878517730623492](https://twitter.com/iangcarroll/status/830878517730623492)

[1]
[https://developer.apple.com/documentation/security/1644033-s...](https://developer.apple.com/documentation/security/1644033-seckeycopykeyexchangeresult?language=objc)

------
LinuxBender
"Securely" and "phone" do not go in the same sentence.

~~~
michaelmior
Why do you think your phone is inherently less secure than your
desktop/laptop?

~~~
LinuxBender
Your laptop/desktop are not secure either. That said, cell phones today have
everything... every little bit of everyones life embedded on them. The are on
all the time. They are not patched as often as desktop OS's. They are juicy
delicious targets and great listening / tracking devices. Laptops can be used
this way, but nowhere near the same target value.

~~~
LinuxBender
I forgot to mention, all cellphones come bundled with vendor installed
spyware. CarrierIQ is one such example, now owned by AT&T, but there are many
of them. They will tell you it is only enabled when your device is in debug
mode, but your device dials home all the time and a single http header can
enable debug for a period of time.

