
Intel Security True Key - Jack5500
http://www.intel.com/content/www/us/en/architecture-and-technology/true-key/intel-true-key-technology.html
======
Seylerius
This is an adorably bad idea:

+ As fdik said above, you can't change your fingerprint or face easily, and
it's always public

+ Face recognition and fingerprint scanning are not robust against spoofing —
there are known ways to circumvent both

+ You can be compelled to authenticate a biometric without a warrant

Don't use biometrics as a password; use them as a username.

~~~
BinaryIdiot
> Don't use biometrics as a password; use them as a username

Even then people's faces change and through accidents fingerprints can also be
changed / removed and then you're shit out of luck. I'm terrified I would
store my important shit in something like that then get into a car accident or
something and be no longer able to open it.

~~~
wolrah
Implement it like the Xbox Kinect auto-signin where you still have a username
but the camera lets the device figure it out on its own. That way people can
still manually enter their username in the event of any disfiguring injury or
technical glitches but don't have to normally.

~~~
BinaryIdiot
Right but the post I was responding to said to use biometrics as the
_username_ hence my comment. You're suggesting using it as a type of password
:)

~~~
wolrah
No I'm not, I'm suggesting it be used to identify the user, then they can
enter their password the same as always.

------
moppl
True Key makes use of the Intel Management Engine (IME). It gives a hint at
what Intel is up to with the IME. One of the intended uses is "identity
protection", storing secrets like e.g. biometric data in the realm of the IME,
and to ultimately get rid of passwords.

Considering the security concerns regarding the IME, I doubt that it is a good
idea to hand your passwords over to Intel (ME). At least I don't want to
support this technology by using apps that utilize the IME.

To read up on the IME there is a free book by one of the developers on it...

[http://link.springer.com/book/10.1007%2F978-1-4302-6572-6](http://link.springer.com/book/10.1007%2F978-1-4302-6572-6)

Inside is an entire chapter on Intel's identity protection.

~~~
seanp2k2
Interesting that Apple is doing similar things with the embedded ARM stuff in
the new touchbar MBPs.

~~~
wyager
The thing is that Apple actually has a pretty good track record for security
and not violating the privacy or integrity of customers' products. I have a
lot more trust in Apple doing this correctly. I'd be fine with Intel taking on
secure computing, but there's been some pretty bad stuff with the IME (like
sending data to the internet outside of user control when using Intel NICs),
so I'm skeptical of this approach (especially when they're talking about
facial recognition as a security measure).

~~~
moppl
Just to give an idea of how bad the stuff is with the IME, I recommend reading
up Chapter 4 here:

Intel x86 considered harmful by Joanna Rutkowska

[https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf](https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf)

The IME is basically a second computer inside your computer, running as the
most privileged component on the platform. It has privileged access to all
components of the system, and runs as long as the computer is plugged in or
has battery (even if the computer is switched off). It is under the control
of Intel, they decide what the IME does, and it can use the NIC as it pleases,
unnoticeable for the host system. It can not be disabled, switched off or
removed. The rootkit researcher Rutkowska described it as "an ideal rootkiting
infrastructure".

~~~
ddalex
Even if I would not consider "... considered harmful" essays as screamers for
attention, I would still take detraction about ME with a grain of salt,
because:

* it's easy to counteract, just not use an Intel NIC
* it gets a lot of scrutiny
* Intel is quite open about what it does, short of releasing signing keys for the firmware
* the mobile platforms have similar secure enclaves (think baseband processors on phones), which nobody actually audits

All of these make me think Rutkowska found out that bashing x86 gets her
attention, and now she uses it as a beating horse.

------
fdik
They never seem to understand:

Your fingerprint like your face can be the username, but never the password.

Your fingerprint is exactly like your username: you cannot change it and you
always leave it in public.

~~~
IshKebab
You can use fingerprints as a password. They aren't perfect but in many
situations they are fine.

Security isn't black and white.

~~~
45h34jh53k4j
Dear IshKebab,

We at startup xyz take security seriously. We regret to inform you that on the
night of 1st December 2016 our database was compromised. The database
contained your name, address and fingerprint data.

Please see a plastic surgeon about resetting your fingerprints as soon as
possible.

Thank you, Startup Xyz

~~~
IshKebab
Obviously fingerprints can't be used in that situation, but think about
something like your front door lock. You don't need paranoia-level security
(you probably have breakable windows anyway) but you want to stop random
people who aren't motivated enough to steal your fingerprint from walking in.

Or think about locking your phone. Most people only want to stop their friends
and family - they're not going to copy your fingerprint. Even the FBI was nearly
defeated by TouchID. (You're probably thinking that they could have easily
bypassed it, but they only had 48 hours to do so.)

~~~
watersb
I don't understand the qualifier "in that situation": the user cannot
determine what the "situation" may be at some point in the future.

I _do_ use the fingerprint reader on my iPhone, and I believe that the
fingerprint data is never sent to another device. Ever.

There are real problems to using the iPhone fingerprint with apps, in that the
app tells me it needs to store an encrypted version of my password on iCloud
in order to enable fingerprint unlock. The Bad Guys could get my encrypted
password and I might never know.

But I wouldn't have to change my fingerprint in that case.

~~~
IshKebab
In the situation where a website stores your fingerprint.

------
HashThis
The truth is that we can't trust INTEL. Their CPU micro-code or ME (Management
engine) can and does "phone home" to the internet, grab updates and update the
CPU. They don't allow the customer to turn this OFF, which betrays the
customer who purchased the CPU. Anyone who can sign the update and intercept
the download channel can update your CPU with you having no ability to protect
yourself. We can't trust intel.

Intel needs to allow 3rd parties to build a small piece of hardware for
private key storage, generation, signing and encryption, with self-destruction
upon tampering. Then customers need to be able to go to the store, pick which
vendor they want, and they plug it into their motherboard. By selling them in
the store when the customer can make a surprise purchase, then that prevents
tampering upon shipping with ecommerce deliverables.

~~~
akerl_
What are some good resources to learn more about the phone-home functionality
in their microcode? I've been trying to find more details and have been unable
to do so.

~~~
temptel
You've been unable to find that information because no such "functionality"
exists. Microcode just patches bugs or configuration details of the CPU; it
doesn't "phone home".

~~~
benchaney
How could it possibly patch bugs without phoning home? Are you claiming that
it is self modifying code?

~~~
akerl_
I wouldn't consider "running an update where it pulls new code" to be "phoning
home", any more than my car is "phoning home" when I drive it to the
dealership for repairs.

The implication the comment I was replying to gave was that the device sent
unexpected network traffic back to Intel HQ, with the connotation that it was
doing so to leak information about my system.

~~~
benchaney
"Running an update where it pulls new code" is definitely an example of
phoning home, and it opens the door to all sorts of vulnerabilities, such as
the one featured in the Apple vs the FBI case.

~~~
twr
Intel microcode updates on Linux are provided through regular distribution
repositories. There is no phoning home feature.

~~~
benchaney
Do they get updated when you run the package manager, or do they update
automatically?

~~~
twr
Binary packaging systems download microcode.dat (a text blob containing
microcode) from Intel during the build process. Microcode.dat gets converted
into an initramfs image that supplies the new microcode early in the system
boot. Users download the built binary package, which then modifies the boot
parameters of their system.

So normally only the build servers contact Intel. Source-based distributions
may. But even then the source files are verified with cryptographic hashes
(which are in turn signed by the maintainers' private keys).

Edit: I may have misread your question. I thought you were asking by
implication if the microcode blob is pulled after the install. If not, then:
No. Updates happen when the package manager decides.

[https://www.kernel.org/doc/Documentation/x86/early-microcode...](https://www.kernel.org/doc/Documentation/x86/early-microcode.txt)

[https://gitlab.com/iucode-tool/iucode-tool](https://gitlab.com/iucode-tool/iucode-tool)

[https://downloadcenter.intel.com/download/26400/Linux-Proces...](https://downloadcenter.intel.com/download/26400/Linux-Processor-Microcode-Data-File)
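
Added example, not part of twr's comment or of any project's code: a small Python reader for the kind of text blob described above, so the updates a package ships can be listed and integrity-checked offline. It assumes the legacy microcode.dat layout (comma-separated 32-bit hex words) and the update header layout from Intel's SDM; the function names are hypothetical and the sample blob is constructed with made-up values.

```python
import re

# Assumed layout: first 9 of the 12 header dwords, per Intel's SDM.
FIELDS = ("header_version", "update_revision", "date", "processor_signature",
          "checksum", "loader_revision", "processor_flags", "data_size",
          "total_size")

def parse_dat(text):
    """Return the 32-bit words of a microcode.dat-style text blob."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ comments
    return [int(w, 16) for w in re.findall(r"0x[0-9a-fA-F]{1,8}", text)]

def split_updates(words):
    """Return [(header_dict, update_words), ...] for every update in the blob."""
    found, pos = [], 0
    while pos < len(words):
        if len(words) - pos < 12:
            raise ValueError("truncated header at word %d" % pos)
        hdr = dict(zip(FIELDS, words[pos:pos + 9]))
        # data_size == 0 means the legacy fixed size: 2048 bytes in total.
        total = hdr["total_size"] if hdr["data_size"] else 2048
        if total % 4 or total < 48 or pos + total // 4 > len(words):
            raise ValueError("bad total_size at word %d" % pos)
        found.append((hdr, words[pos:pos + total // 4]))
        pos += total // 4
    return found

def checksum_ok(update_words):
    return (sum(update_words) & 0xFFFFFFFF) == 0  # all dwords sum to 0 mod 2**32

def describe(hdr):
    d = hdr["date"]  # BCD, laid out as mmddyyyy
    return "sig=%08x rev=%#x date=%04x-%02x-%02x" % (
        hdr["processor_signature"], hdr["update_revision"],
        d & 0xFFFF, d >> 24, (d >> 16) & 0xFF)

def make_sample():
    """Constructed two-update blob; every value is made up, not real microcode."""
    out = []
    for sig, rev in ((0x00012345, 0x22), (0x00054321, 0x9E)):
        w = [1, rev, 0x11162016, sig, 0, 1, 0x12, 16, 64, 0, 0, 0,
             0xDEADBEEF, 0x01234567, 0x89ABCDEF, rev]
        w[4] = -sum(w) & 0xFFFFFFFF  # choose checksum so the words sum to 0
        out += w
    return "/* constructed sample */\n" + ",\n".join("0x%08x" % x for x in out)

if __name__ == "__main__":
    for hdr, upd in split_updates(parse_dat(make_sample())):
        print(describe(hdr), "checksum", "ok" if checksum_ok(upd) else "BAD")
```

The header checksum only detects corruption; it is not a signature, so the signed package hashes mentioned above remain the check that the blob is the one the maintainers shipped.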

------
daenney
I'm rather concerned about the face recognition part and how easily that might
be fooled. Has anyone tried that?

It's an interesting take on a password manager though, I do like the second
factor through an additional device before it grants access.

~~~
lyle_nel
Although not this particular face recognition, I managed to fool face
recognition passwords in the past with a simple photograph of the person. As
you would expect it works perfectly fine.

~~~
zeta0134
This is part of the reason Windows Hello won't use standard webcams for facial
recognition. They require a depth camera (very unusual feature on laptops,
usually marketed as Intel Real Sense) so that a simple photograph isn't enough
to fool the camera.

This is still far from perfect though; a truly determined bad actor could
create a passable 3D model, or even a face mask, and probably still fool the
sensor. It just takes more work. The whole point of passwords is that no one
can know them but the person intending to use them. Using a publicly visible
part of my body is just asking for trouble.

------
msimpson
First, it's important to realize that biometric identifiers are not
constitutionally protected in the United States under the fifth amendment
given current legal precedents:

"A Virginia Circuit Court judge ruled Tuesday that police officers cannot
force criminal suspects to divulge cellphone passwords, but they can force
them to unlock the phone with a fingerprint scanner."

Source: [http://blogs.wsj.com/digits/2014/10/31/judge-rules-suspect-c...](http://blogs.wsj.com/digits/2014/10/31/judge-rules-suspect-can-be-required-to-unlock-phone-with-fingerprint/)

Second, as others have already noted, you cannot hide or change most biometric
identifiers and some people may not even have them at all. Therefore,
passwords will always be the safest, most accessible option. However, more
education regarding their creation, use, and support needs to occur:

Password Strength: [https://xkcd.com/936/](https://xkcd.com/936/)

Password Reuse: [https://xkcd.com/792/](https://xkcd.com/792/)

NIST’s new password rules – what you need to know:
[https://nakedsecurity.sophos.com/2016/08/18/nists-new-passwo...](https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/)

Personally, I like to choose a small token representing the site or service at
hand, then surround it with multiple pass phrases I've memorized over the
years. This creates a strong password which is both unique and easy to
remember. Not to mention when a site I use is inevitably hacked and my hash is
stolen, I only need to update a single instance of this pattern--not
reevaluate my entire system.

------
atemerev
Nice try, NSA.

------
quink
> Intel Security

Hmmm... Let's Google that.

> Intel Security Group (previously McAfee, Inc. /ˈmækəfiː/[3])

And I'm out of here.

~~~
lultimouomo
And in honor of the sacred McAfee traditions, Intel Security True Key is
bundled by default within the Flash installer; once you've downloaded the
default installer, you can't even opt out of it. You need to pay attention and
uncheck the bundleware _before_ downloading it. Sneaky!

~~~
revanx_
Also worth saying is that if True Key is installed via Flash McAfee bundle you
can't actually uninstall it, you have to manually remove the service and
delete the files/reg keys.

------
woliveirajr
Fingerprints can be faked in very ingenious ways. For example, [1] gives
"Hacker fakes German minister's fingerprints using photos of her hands".

Photos. Not even required to recover the fingerprint from the surface of
something. Tell me how secure is that.

[1] [https://www.theguardian.com/technology/2014/dec/30/hacker-fa...](https://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands)

------
ForFreedom
After reading all the comments there is not one person who is in support of
biometrics as a secure method, but I see people being okay with biometrics
on iPhones by saying Apple's security is better.

------
dfarts
Fingerprint technology is hackable, easily so.

Edit: Face recognition is even easier. Iris scanners are the only sure way to
recognize someone.

~~~
redial
> Iris scanners are the only sure way to recognize someone

For now.

------
iou
My skeptic-sense is tingling!

------
shshhdhs
Here is the English landing page on Intel's direct site:
[http://www.intel.com/content/www/us/en/architecture-and-tech...](http://www.intel.com/content/www/us/en/architecture-and-technology/true-key/intel-true-key-technology.html)

~~~
sctb
Thanks, we've updated the link from
[https://www.truekey.com/de](https://www.truekey.com/de).

------
shock
Can the mods or OP change the URL to the English version?
[https://www.truekey.com/](https://www.truekey.com/)

~~~
nobodyshere
The owner of this website (www.truekey.com) has banned the country or region
your IP address is in (BY) from accessing this website.

Awesome.

~~~
voltagex_
Strangely - Tor may work. I connected via a Brazilian VPN (from Australia)
and got a Cloudflare challenge.

~~~
nobodyshere
I don't see why I'd want to use a service that bans my country from even
accessing their website.

------
robinhoodexe
>AES-256, one of the strongest encryption algorithms available

Hmm... I'd take 4096-bit GPG over this any day. I rather like using pass[0]

[0][https://www.passwordstore.org/](https://www.passwordstore.org/)

~~~
georgyo
Little do you know that gpg uses a symmetric cipher like AES-128, only
encrypting the symmetric key with your asymmetric RSA keys.

