Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: A secure, open source U2F token you can make with $4.5 worth of parts (github.com)
267 points by conorpp on June 22, 2016 | hide | past | favorite | 92 comments

The author, Connor Patrick's personal site has a "looking for work" page[1]. It reads:

    I want to work on projects that do good. 
    I don’t want to work on projects regarding surveilance 
    or the weaking of existing cryptosystems.
Way to go Connor!

[1]: https://conorpp.com/work/

>>> I’m currently looking for work in the U.S. government.

A crypto work in the goverment not related with surveilance - directly or not- seems difficult to find.

Or am I missing something ?

Vast parts of the NSA are full of good people doing good work.

The Information Assurance Directorate is advancing the state of the art in cryptography and is leading the charge in developing quantum-resistant algorithms.


If you scroll down you see: "I’m a Cybercorps student, meaning I’m on a scholarship that obligates me to work for the goverment in security for at least 3 years after I finish school."

I'm certain there are lots of defensive security positions available. The government has lots of departments that work to strengthen at least their own security, not just surveillance/attack organizations.

You're able to work in federal, state, local or tribal government to meet the obligation.

There are plenty of information assurance roles that have no impact on surveillance, etc. But those roles don't involve direct crypto work.

It's "weakening".

Way to go, Connor.

My barrier to entry with a lot of DIY hardware projects was an incorrect assumption that it was difficult/expensive to get PCBs made. Looking into this, I found the blog of the guy running this project and he had some experience with various cheap PCB vendors, with stencils going as low as $18. [1]

[1]: https://conorpp.com/2016/03/13/my-experience-with-dirtypcbsc...

In addition to the vendors you mention via that link, OSH Park[1] is great option for hobbyists (or very small-volume production). This is the same source listed in OP. It's a board pooling group that puts many small-run orders on the same panel to economize on setup costs. OSH Park uses high-quality US manufacturers to produce the boards (with tight tolerances, silkscreen, soldermask, gold-flashed pads, etc.) I believe they used to use Amitron outside Chicago, but I'm not sure if that's still the case. I've had probably 300 boards made by them, and they've all been great.

In open source designs you can usually spot OSH Park boards by the distinctive purple color. Seeed Studio and the other Asian budget board houses are a decent economy option if you can get away with looser tolerances. OSH Park is nice for compact designs because the gold-flashed pads are better for surface-mount parts, since they aren't raised like traditional solder-painted pads. Unlike most quickturn PCB fabs they don't bury you with options; the standard options give you everything you need (ENIG, double mask+silk screen, either 2/4 layer, etc.). The OSH Park ordering wizard is a case study in how PCB orders should be done (upload and a couple clicks, with a graphical preview), and for the quality the price can't be beat. Because orders are pooled and then separated before shipping out, it is slower.

You can use the free and open KiCad[2] software (again, what was used in OP; tutorials[3,4]) to do schematic capture and board layout, have it generate some gerber and drill files, and then order the boards for a few bucks from OSH Park. KiCad won't do simulations like Altium or some of the other commercial packages, but if you just want to take a schematic and make a board it works fine. Definitely learn its hotkeys.

1. https://oshpark.com/

2. http://kicad-pcb.org/

3. http://teholabs.com/knowledge/kicad.html

4. http://store.curiousinventor.com/guides/kicad/

This must be awesome for training and university settings, to have such low cost options for learning the craft. Is it used much by startups / is it bringing down the barrier to entry that much?

Yes. Small startups that don't care too much about turnaround time love OSH Park and Seeed Studio.

My last company did care about turn time but also wanted affordable boards. They used PCB-Pool: http://www.pcb-pool.com/ppus/index.html

OSH Park has an "expedited" fee with which you can get a ~5 day turnaround.

One thing I noticed is that some of my friends that have been designing PCBs have been dismissing options like OSHpark for a long time. Apparently they still believe that it's not possible to create good quality PCBs with that pricetag. Even after I showed them some of my PCBs they still insist that I got lucky and tolerances will be too high to be useful ...

+1 for OSH Park.

A lot of amateur radio HF range projects use what is known as the "manhattan style" construction where, a copper clad board is used as a ground plane, so to speak and then tiny round pads are glued to it, which act as islands. The pads can be made using paper punch of appropriate grade. I have used cheap punch used for cutting paper and have made pads in the past. The parts are then soldered directly to these island pads.

Not sure if these can be applied to digital circuits, perhaps not very easily, since a lot of components are SMD these days, at least in the high speed digital domain.

Modern SMD microcontrollers tend to have pretty fine pin pitches, often in the 1mm ballpark. You really want a proper PCB for those.

I recently soldered a board using a MCU with a 0.5 mm pitch.

yep, I have done that too, with a third hand and a lens, as I have a bad eye sight.

Two-layer boards are now absurdly cheap, even in small quantities. The boards available from DirtyPCBs or Elecrow are perfectly satisfactory for most hobby projects. Four-layer boards with ENIG and fine pitch are now well within the realms of affordability, particularly small boards from OSHPark.

The most economical stencils are avaliable from OSH Stencils. They offer mylar stencils for $0.64/square inch, with a minimum charge of $5. Mylar stencils are perfectly satisfactory for prototyping or even short production runs.


The Kapton stencils from OSH Stencils are pretty good; today they just announced stainless steel stencils (obviously haven't tried them yet).

Yeah, PCB manufacturing really has opened up and become highly available.

On that note, the title neglects the price of the board, which will add to the total cost for building this. From OSH Park it's $4.60 for three copies of the board, bringing the total per token to $4.50 + $1.53 = ~$6.

That's a very interesting microcontroller by the way, I always think it's mildly amusing with 8-bit CPU cores sitting on a hardware USB peripheral. Looks like a nice chip, plenty of I/O, 5 V-capable, built-in 3.3 V regulator and USB firmware, and stuff. Thanks OP for sharing this!

My father made a simple PCB himself a few years ago. He designed the PCB with http://www.geda-project.org/ (I think?), printed out a negative of the PCB on a (printer-safe!) transparent page, and used an old overhead projector as the light source for the etching.

That being said, I suspect that methodology doesn't scale down to such small features, multiple layers etc. that you see in the link you posted, so at some point you have to give up on DIY etching.

At least in the fablab in my university you can make PCBs yourself (cheap, you have the result instantaneously). You can also get them done locally (expensive, relatively fast) or in China (cheap, takes long to ship).

If it's using a milling machine to cut the PCBs it's neither cheap (breaks a few end-mills per project), instant (have to redo the board several times to fix milling issues) not very useful (1 layer, huge tolerances)...

It's quite a shame the "fablabs" have chosen to go with that approach (for philosophical reasons mostly, I guess, as the milling machine could also be used for other purposes) rather than a decent simple etching process.

Sorry for the rant, I've seen a "fab academy" student struggle with the process quite unreasonably during the last few weeks...

Stencils aren't really needed, they're only really useful when using a reflow oven, and even then, I honestly think it's easier to hand solder for a single board than to pick and place and reflow.

You can get a T962A reflow oven for a few hundred bucks, even has mods:


I have the T962A and it works really well with the mods. I generally reflow batches of 12 boards at a time (on custom manufacturing jigs). Much easier than hand-soldering and the results are near-perfect.

I've gotten great results with dirtyPCBs for $14, I've made about five batches with them so far.

Two comments on the circuit:

1. If you're willing to add two more diodes, you can make the USB connector two-sided so that it can plug in either way. See http://electronics.stackexchange.com/questions/209941/two-si... for explanation.

2. The ALPS SKQGAKE010 (http://www.mouser.com/search/ProductDetail.aspx?R=0virtualke...) is inexpensive and popular. It looks like it's lower-profile than the button used in the current design, which means it'd be more likely to survive for a long time in a pants pocket, jangling along with a bunch of keys.

Thanks for the comments! I never thought of trying to do a reversible USB connection. And it's actually quite easy!

The button you point out looks like a better choice. It's about 10 cents cheaper than my current one. Currently sold out with 13 week lead time at Mouser! Must be popular.

Another version is this: http://www.mouser.com/Search/m_ProductDetail.aspx?R=SKQGADE0...

That one requires more force to press. It's also more expensive, but it's in stock now. It has the same footprint, so it'd be good for prototyping.

I just hope the keys are not his home/office keys. Please do not secure the access to your digital life with an U2F token and break the security of your real life by putting a picture of your keys in the open...

Those are pretty low security keys, just picking the lock might be easier than going to trouble of making them from the picture..

The keys used for the picture are not used. But yes it is not a good practice to post pictures of door keys.

It makes almost no difference in any practical scenario, because conventional pin-tumbler locks are comprehensively broken. They can be opened instantly by an unskilled person using a $5 bump key.


Impressioning from a photo only poses a meaningful threat to genuinely high-security lock systems like the Abloy Protec or the ASSA Twin.

Wow I actually never thought of the implications of doing that. Thanks!

You should not be using low security keys for home and office in the first place.

Plenty of people rent, and can't easily change the locks or add more locks to the house.

Upon saying that, I've added extra locks (bedroom locks) to the past 2 houses I've lived in, and the landlord had no issues, but that's student flats and cheap landlords.

That's not to mention that it's a lot easier to just break a window than pick a lock. I have never heard of a burglar breaking into a house by picking the lock. The sort of people that burgle residential houses tend not to be the sort of people with the skill, intelligence and finesse to pick locks.

> That's not to mention that it's a lot easier to just break a window than pick a lock.

Or in the case of residential interior doors, lean on the door kinda hard...

Only a plebe would secure their basement door with anything less than 2FA and 1024 bits of encryption.

On a more serious note I had something like this in mind: http://www.evva.at/products/mechanical-locking-systems/mcs-l...

Linux users should use cross-vendor U2F support rather than hardcoding device ids into the udev rules:


I'm curious about the following statement in the README:

> The token is durable enough to survive on a key chain for years, even after going through the wash.

On the other hand, the token is shown as "naked electronics", without a husk.

Is that really sufficient for such a device? Does it really withstand (mineral) water, mechanical stress (key chain), let alone the combination of both (washing)?

It's a good question. It's definitely not been through years of testing yet but in the past few months me and some friends have had no problems.

All of the parts have a low center of mass with respect to the PCB and are unlikely to catch on anything. Water and/or sweat won't hurt it as long as it's dry when you use it. I've tested it works fine after putting it through a washer and dryer.

However, making your own casing or 3D printing something like this [1] is always best

[1]: https://github.com/conorpp/u2f-zero/blob/master/hardware/cas...

It would absolutely not survive for very long like this (naked PCB on a key-chain). Mechanical damage from the actual keys on the same chain is what will kill it before water, sweat, washing liquid, pocket lint or ESD do.

First things to fail will be ceramic capacitors torn/cracked and leads of SSOP-20 package bent/shorted.

That said, it is trivial to protect the board from all of above - just wrap it (except USB connector) with insulating tape or better yet, cover with silicone putty, or similar.

Cast in epoxy. Cheap and quite durable.

Do you have any information on what you need to buy and how it works? Do you need a hot air station?

I think its a combo of two compounds that harden when mixed.


It's just a base + a hardener, mix and cast. Make sure you protect switches and connectors before casting. The reaction is exothermal, if you cast larger volumes you may need to cool the whole thing to avoid trouble (such as fire).

That sounds easy enough, thanks!


(In dutch, sorry, but you'll be able to find similar stuff all over the world)

Looks like it would do fine to me. You would want to clean it with alcohol if you ran it through the wash, to avoid corrosion, but otherwise it would be fine.

I think it would be tough to break the board, so mechanically the worry would be bending some pins such that they shorted.

I have no idea what the ESD sensitivity of the parts is, but if it's something your going to walk around with in your pocket, that's something to think about. I'd probably use some heatshrink tubing on it.

I'd be very skeptical about that claim without substantial evidence of it surviving in the field. Especially if you use ROHS solder, which is more brittle than leaded solder.

There is an ESD diode in the design but it only protects certain pathways -- a zap could come from anywhere if the thing is bare.

Haven't tried it yet, but there is this for smartcards. Not sure if it will work with blank java cards, I mean they provide the cap file and source.


Nice! I initially wanted to build a similar device using just an ATtiny85 that speaks USB using USBtiny [1] or V-USB [2]. It would be low-cost but also not secure. Using a crypto processor like the ATECC508A is obviously a saner choice.

[1] http://dicks.home.xs4all.nl/avr/usbtiny/ [2] https://www.obdev.at/products/vusb/index.html

As the ATECC508A is just an I2C peripheral you still have a broad choice for microcontrollers (as you still need a U2F program and U2F).

I choose to use a EFMUB1 from silicon labs.

This project is awesome, but I'd be worried about my hand brushing up against all that lead every day for years. Or am I being too paranoid? In any case, easily solved with some casting epoxy.

There is a 3d-printable case included in the repo!


TIL Github has an STL preview viewer.

The tiny amount of lead involved is very unlikely to be harmful. You could probably safely eat the amount of solder used to assemble that board.

I do think think a case is necessary though, as those SOIC packages will not last long in pocket with keys before they are ripped off the PCB.

Feel free to make it with Lead Free solder. See RoHS standards: https://en.wikipedia.org/wiki/Restriction_of_Hazardous_Subst...

Very cool! Has anyone published any work on using sidechannel information to extract keys from U2F tokens?

Yes. There is [1] which is on Yubikey OTP specifically.

And on a lot more that focus on general embedded platforms running common cryptographic algorithms. U2F uses elliptic curve cryptography (ECC) internally -- check out this source for DPA on ECC [2].

[1] http://link.springer.com/chapter/10.1007/978-3-642-41284-4_1...

[2] http://saluc.engr.uconn.edu/refs/sidechannel/

U2F seems great. I've just started using it and am looking for a device. Maybe now I'll build my own! His article on accelerating a program with hardware was a great read too. https://conorpp.com/2015/12/16/how-to-accelerate-a-program-w...

I use this $6 one.


which I can confirm works with google account, github, dropbox. It is a buttonless design that activates upon insertion.

While an interesting idea, the $4.50 board + $3 in smt parts equates to a 25% cost increase vs. the cheap one above, assuming you already have the tools/programmer. Long term durability of the one I linked is still in question, I've been using it since about Jan 1.

Github login still saves 20% on Yubikey U2F, putting it at $20 (US) shipped to the U.S. and Canada.


Here is a shared Mouser project list with the eight parts: http://www.mouser.com/ProjectManager/ProjectDetail.aspx?Acce...

I haven't carefully checked that the part numbers are equivalent. If you find an error, please let me know.

This is neat!

Is there also source for the firmware that runs on the secure element?

No it is purely a hardware peripheral that just has configuration options.


It still has firmware, of course, which cannot be audited -- which makes it exactly as secure as a $40 Yubikey. Perhaps even a little more secure - because a Yubikey is vulnerable to both Yubico and NXP employees, and U2Fzero is only vulnerable to Atmel. [Both, of course, 3 letter agencies]

Is there a similar chip with Curve25519?

What does this do that can't be done with a generic AVR chip? If you set the correct lock flags the memory and firmware can't be read or changed without a complete erase:


The crypto involved in U2F is extremely hard to do in an AVR. There are issues with sources of randomness (I'm currently playing with implementing entropy via Watchdog Timer jitter on the ATTiny85, which appears suitably random but is slow), and the capabilities of the devices themselves to produce output at reasonable speeds.

A slower Cortex M0 might not be sufficient to get decent speeds, but I suspect an M3, something like an AT91 could do the job.

Hmm. If the "insecure" processor is compromised, does that mean that it could ask the SE to sign an attestation even for a key that wasn't generated on the SE?

I didn't know github also supports 3d models with visualization

Is that green because it supports difs?!

Holy crap. That's awesome!

The programmer link is not working.

> The page isn't redirecting properly


Is there anything written on why this is a valid choice for improving op-sec versus going with a commercial offering?

Open source made from parts seems like it would be very much under your own control. But it is also... bespoke. Which raises a different threat model, doesn't it?

Bespoke solutions generally require bespoke attacks. If you're targeted as an individual by a state-level bespoke attack, you're going to lose regardless.

U2F defends you effectively against phishing and keyloggers, which are a widespread problem.

This looks fantastic, and doubly so because it uses KiCAD, which I love.

As far as I understood the U2F standard, the dongles need a FIDO-issued manufacturer key. Do sites accepting U2F just not check that the corresponding signature is present?

Addendum: See page 14 of the specs overview: https://fidoalliance.org/specs/fido-u2f-overview-v1.0-rd-201...

I really like the idea of using a token like this, but how do you back up the data if the key is not copyable?

That's the idea. You don't.

Either you generate the key some other way and write it into the device (but it cannot be read again), and backup the original; or you generate it on the device and do NOT back it up - instead you make a back-up key, and authorize both keys rather than just one.

I don't know if this supports external key. YubiKey does.

You don't back up the key any more than you back up a car key. It's reliant on either the password recovery process, or having a second key prepared.

This page seems to instantly crash the tab for me in Chrome

Optimised for style XD

Applications are open for YC Winter 2021

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact