I want to work on projects that do good.
I don’t want to work on projects regarding surveilance
or the weaking of existing cryptosystems.
A crypto work in the goverment not related with surveilance - directly or not- seems difficult to find.
Or am I missing something ?
The Information Assurance Directorate is advancing the state of the art in cryptography and is leading the charge in developing quantum-resistant algorithms.
There are plenty of information assurance roles that have no impact on surveillance, etc. But those roles don't involve direct crypto work.
In open source designs you can usually spot OSH Park boards by the distinctive purple color. Seeed Studio and the other Asian budget board houses are a decent economy option if you can get away with looser tolerances. OSH Park is nice for compact designs because the gold-flashed pads are better for surface-mount parts, since they aren't raised like traditional solder-painted pads. Unlike most quickturn PCB fabs they don't bury you with options; the standard options give you everything you need (ENIG, double mask+silk screen, either 2/4 layer, etc.). The OSH Park ordering wizard is a case study in how PCB orders should be done (upload and a couple clicks, with a graphical preview), and for the quality the price can't be beat. Because orders are pooled and then separated before shipping out, it is slower.
You can use the free and open KiCad software (again, what was used in OP; tutorials[3,4]) to do schematic capture and board layout, have it generate some gerber and drill files, and then order the boards for a few bucks from OSH Park. KiCad won't do simulations like Altium or some of the other commercial packages, but if you just want to take a schematic and make a board it works fine. Definitely learn its hotkeys.
My last company did care about turn time but also wanted affordable boards. They used PCB-Pool: http://www.pcb-pool.com/ppus/index.html
Not sure if these can be applied to digital circuits, perhaps not very easily, since a lot of components are SMD these days, at least in the high speed digital domain.
The most economical stencils are avaliable from OSH Stencils. They offer mylar stencils for $0.64/square inch, with a minimum charge of $5. Mylar stencils are perfectly satisfactory for prototyping or even short production runs.
On that note, the title neglects the price of the board, which will add to the total cost for building this. From OSH Park it's $4.60 for three copies of the board, bringing the total per token to $4.50 + $1.53 = ~$6.
That's a very interesting microcontroller by the way, I always think it's mildly amusing with 8-bit CPU cores sitting on a hardware USB peripheral. Looks like a nice chip, plenty of I/O, 5 V-capable, built-in 3.3 V regulator and USB firmware, and stuff. Thanks OP for sharing this!
That being said, I suspect that methodology doesn't scale down to such small features, multiple layers etc. that you see in the link you posted, so at some point you have to give up on DIY etching.
It's quite a shame the "fablabs" have chosen to go with that approach (for philosophical reasons mostly, I guess, as the milling machine could also be used for other purposes) rather than a decent simple etching process.
Sorry for the rant, I've seen a "fab academy" student struggle with the process quite unreasonably during the last few weeks...
I have the T962A and it works really well with the mods. I generally reflow batches of 12 boards at a time (on custom manufacturing jigs). Much easier than hand-soldering and the results are near-perfect.
1. If you're willing to add two more diodes, you can make the USB connector two-sided so that it can plug in either way. See http://electronics.stackexchange.com/questions/209941/two-si... for explanation.
2. The ALPS SKQGAKE010 (http://www.mouser.com/search/ProductDetail.aspx?R=0virtualke...) is inexpensive and popular. It looks like it's lower-profile than the button used in the current design, which means it'd be more likely to survive for a long time in a pants pocket, jangling along with a bunch of keys.
The button you point out looks like a better choice. It's about 10 cents cheaper than my current one. Currently sold out with 13 week lead time at Mouser! Must be popular.
That one requires more force to press. It's also more expensive, but it's in stock now. It has the same footprint, so it'd be good for prototyping.
Impressioning from a photo only poses a meaningful threat to genuinely high-security lock systems like the Abloy Protec or the ASSA Twin.
Upon saying that, I've added extra locks (bedroom locks) to the past 2 houses I've lived in, and the landlord had no issues, but that's student flats and cheap landlords.
That's not to mention that it's a lot easier to just break a window than pick a lock. I have never heard of a burglar breaking into a house by picking the lock. The sort of people that burgle residential houses tend not to be the sort of people with the skill, intelligence and finesse to pick locks.
Or in the case of residential interior doors, lean on the door kinda hard...
> The token is durable enough to survive on a key chain for years, even after going through the wash.
On the other hand, the token is shown as "naked electronics", without a husk.
Is that really sufficient for such a device? Does it really withstand (mineral) water, mechanical stress (key chain), let alone the combination of both (washing)?
All of the parts have a low center of mass with respect to the PCB and are unlikely to catch on anything. Water and/or sweat won't hurt it as long as it's dry when you use it. I've tested it works fine after putting it through a washer and dryer.
However, making your own casing or 3D printing something like this  is always best
First things to fail will be ceramic capacitors torn/cracked and leads of SSOP-20 package bent/shorted.
That said, it is trivial to protect the board from all of above - just wrap it (except USB connector) with insulating tape or better yet, cover with silicone putty, or similar.
(In dutch, sorry, but you'll be able to find similar stuff all over the world)
I think it would be tough to break the board, so mechanically the worry would be bending some pins such that they shorted.
I have no idea what the ESD sensitivity of the parts is, but if it's something your going to walk around with in your pocket, that's something to think about. I'd probably use some heatshrink tubing on it.
There is an ESD diode in the design but it only protects certain pathways -- a zap could come from anywhere if the thing is bare.
I choose to use a EFMUB1 from silicon labs.
I do think think a case is necessary though, as those SOIC packages will not last long in pocket with keys before they are ripped off the PCB.
And on a lot more that focus on general embedded platforms running common cryptographic algorithms. U2F uses elliptic curve cryptography (ECC) internally -- check out this source for DPA on ECC .
which I can confirm works with google account, github, dropbox. It is a buttonless design that activates upon insertion.
While an interesting idea, the $4.50 board + $3 in smt parts equates to a 25% cost increase vs. the cheap one above, assuming you already have the tools/programmer. Long term durability of the one I linked is still in question, I've been using it since about Jan 1.
I haven't carefully checked that the part numbers are equivalent. If you find an error, please let me know.
Is there also source for the firmware that runs on the secure element?
Is there a similar chip with Curve25519?
A slower Cortex M0 might not be sufficient to get decent speeds, but I suspect an M3, something like an AT91 could do the job.
> The page isn't redirecting properly
Open source made from parts seems like it would be very much under your own control. But it is also... bespoke. Which raises a different threat model, doesn't it?
U2F defends you effectively against phishing and keyloggers, which are a widespread problem.
Either you generate the key some other way and write it into the device (but it cannot be read again), and backup the original; or you generate it on the device and do NOT back it up - instead you make a back-up key, and authorize both keys rather than just one.
I don't know if this supports external key. YubiKey does.