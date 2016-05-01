Obviously the vast majority of people who use these devices are able-bodied and are able to use them as designed, but if somebody solves this problem there really is a market for it. They are great products, and if it weren't for this one stumbling block I would definitely be using them in my daily life. The inside of my laptop is the only privacy I have, and being able to have complete control over the locking and unlocking of it would be amazing.
It would be great if Apple made it possible to use the accessibility software on the login screen, that way I could tap in my own password but you can't use the accessibility software until you are inside the OS. Grrr.
Anybody got any ideas about how I could solve this, or any direction I could investigate?
(Sorry for mildly hijacking the thread, but thought it was somewhat relevant)
Maybe someone you know could take the yubikey device, attach a wire to it, then connect up a relay or something that could be controlled (using whatever interface you already have - I'm not that familiar with such medical devices) to activate the relay. When the switch contacts close, the other side of the relay could be connected to an earth-grounded point. That should activate the yubikey (I believe).
Note that the wire and relay and such will need to be shielded as well (to prevent stray capacitance - like somebody walking by or such - activating it). Coaxial cable like that used for oscilloscope leads would be great, and put the relay inside a metal box (and connect the shielding of the cable to the box).
Hmm - this is getting more complicated than I thought - but I think the basics are there. Here are some other links that might help as well:
http://playground.arduino.cc/Main/CapacitiveSensor (has a nice diagram/schematic of how these form a "circuit" for the microcontroller - this may or may not be what the yubikey uses)
A couple of PDF app notes from Texas Instruments on implementing capacitive sensing:
http://www.ti.com/lit/an/snoa952/snoa952.pdf
http://www.ti.com/lit/an/snoa926a/snoa926a.pdf
Good luck, and I hope this helps or leads somewhere for you!
I have an older Yubikey stashed somewhere - if I can unearth it, I'll do some tests. But I suspect it could be something as simple as a wire: on one end touching the computer's ground circuit, while at the other coiled up to make a flat spiral the size of the sensor, and having that touch the sensor. The wire could probably be isolated, because the sensor is based on capacitance, so it does not require a full circuit.
A simple way to get a ground connection to the computer is via a fake USB connector. Pin #4 is ground.
http://www.hobbytronics.co.uk/usb-connector-pinout
Or perhaps the outer metal jacket of the USB connector would also get a ground connection.
With a Mac laptop, maybe it's enough to just touch the metallic case to get a ground connection.
TLDR: A wire, connected to computer's ground at one end, with a little metal pad (or flat coil) at the other. Bring the pad close enough to the sensor, and it should trigger.
Also, most implementations of security with yubikey-type devices I've seen use it as a secondary authentication mechanism and still require a password, so it wouldn't actually solve your original issue of hands-free access. :( There may be ways to configure it to be the sole means of authentication though.
Incredibly insecure vs the OTP/U2F modes, but probably better than telling people your password.
http://www.gkchain.com/gatekeeper.html
I haven't looked into the OTP functionality of it, since I decided to go with a YubiKey myself, but a friend loves it for hands-free automatic locking and unlocking of his computer as he comes and goes.
I can't remember the exact name of the product, but I installed it with good faith and it completely locked up my Mac so badly I had to reformat the computer.
So colour me a little reticent to try this, although if the gatekeeper guys are reading this I'll be happy to beta test one for you. You know, purely for accessibility reasons. :-)
2. walk to cafeteria with laptop that looks like any other. let owner watch unlock it for you.
3. profit!
4. optional, return laptop before lunch is over for full stealth.
I'm thinking of one in particular which I can't find at the moment, but I remember seeing a really fantastic video where one guy described in detail how he reverse engineered the mac thunderbolt interface and was able to flash malware bootcode on to it even when locked. Once that malware was installed, it could do pretty much anything, including get encryption keys to your hard drive, intercept all keystrokes, etc.
If anyone has a link to that, please post it here.
Also, there this:
https://news.ycombinator.com/item?id=7123121
Not saying it's not a real vector, but it's hardly one that would keep me up at night.
Most people will just ignore it and call a fluke. Just like everyone does when their servers signatures changes. everyone just save the new key and type their passwords away ;)
Mmmhh, why not test this ...
... I have just tried this out. I used the wires from an old headphone and tied it to the trigger. I can Trigger the single click by pulling on the wire. I even managed to trigger the long click, but that was not very practical. I tried pulling it with my mouth, but since you don't need that much force, maybe connect to headphones or something would be enough. My laptop was constantly shifting about, but maybe if you have setup where the computer is fixed, that might be less of a problem.
You can configure the static password on Slot 1 (single click) and you can still use U2F if you like (You can even login with U2F and use Slot 1 for something else as well).
I don't know what your setup is, but that's the idea that jumped to my head. Sorry if it is stupid.
Yep, right there with you and agree and everything. Still, sucks balls to be disabled in this situation and I'm also fairly sure that Apple has the engineering talent to make this possible. One would hope, anyway!
This is a really hacky/bespoke idea, and I apologize if I'm being naive, but I wonder if you might be able to string a Yubikey Nano (https://www.yubico.com/product/yk4nano/) via a USB extension cable to someplace accessible to you around your head? Someplace you could trigger it with head motion?
You'd still have to figure out integrating the Nano with your login screen, your password manager, etc, but this seems like it might maybe be a viable first step.
But yes, that would be one solution and great minds think alike. :-)
As well, I just performed a test by rubbing my nose on my Nano, and it worked as intended :)
In fact how about this, you can have mine – for free. I never use it anymore, and if there's a chance it'll help you I'm happy to just send it your way. It's just collecting dust at this point anyway.
I assume they dropped it because it wasn't actually secure, I remember my brother getting past mine once with only a couple of tries.
Presumably we could do better today, but as far as biometrics go, I'd put my money on Windows Hello's facial recognition over voice showing up again. Apparently they've done a better job of it than the Android handsets a couple years ago managed.
I would absolutely love to use free and open source software for both my operating system and everything else, but only Apple provides an experience for people with profound disabilities that even comes close to the experience normal people have with their computers.
This reply might come across as snarky, but it isn't and I really have tried to find other operating systems that would allow me to do this. Not found any yet in a decade.
https://wiki.gnome.org/Accessibility
Fedora or Debian is probably the easiest way to get a GNOME desktop these days.
I mean I'm obviously going to try and change the state of accessibility and Linux by submitting bug reports and getting involved, but it's a long slow process and in the meantime I need a computer that works.
Really. Hard.
Narrator can run at the login screen too. https://support.microsoft.com/en-ca/help/17173/windows-10-he...
I think the form factor for these things is just wrong. I don't always have my keys with me. I do have my phone much more frequently. Even more frequently I have things like my Pebble. Maybe some kind of NFC interface with a wrist watch would be a better alternative.
The phone does not force re-entry of this stuff so often that it would bother me.
When I am on my laptop, I absolutely love the Usability. Its much better then SMS or TOTP.
[1] https://www.passwordstore.org
I have both enabled on the sites that support both.
I use U2F when I have the key near me, and use HOTP on my phone otherwise (like you, my phone is typically closer to me than my U2F key).
A common response at this point goes "But then doesn't introducing HOTP remove the security benefits of U2F?" No. One of the main benefits of U2F is that it is phish-proof: the U2F key cryptographically authenticates the server, rather than the user eyeballing the address bar, which is how server "authentication" works with HOTP.
NFC makes this a little easier, but I still usually don't keep my keychain (that is my physical keychain with my house and car key) on my nightstand, while I do keep my phone there.
tl;dr: Laptop + 2nd Factor = YubiKey. That's OK and it works.
Phone/tablet + 2nd Factor = ???
Now that I think of it, why is 2fa needed in a laptop with a fingerprint sensor?
It's a one-time write of a seed at device set-up time. It's not an exact clone, but will give the same response to certain challenges.
https://www.yubico.com/support/knowledge-base/categories/art...
https://www.yubico.com/products/services-software/personaliz...
> I thought the whole point of having a hardware token in the first place was that it's _not_ easily copied?
The process generally requires the person personalizing the key to intend to make two (or more) from the beginning of the process. Otherwise, the secret bits that must be entered into the other device to allow one's 2nd Yubikey to generate the same responses to the same challenges will be lost...
I decided couple of months ago to secure entire family. Bought half dozen Neos, worked out all the kinks on my computer + Android phone first, put everything in LastPass (I know, I know, I know... but you have to consider the target audience ;).... only to discover on "go-live" that my wife's iPhone 6s is bloody useless with the thing. Apparently iPhone doesn't fully grok NFC or something? Not sure... :-/
users cannot use the NFC chip in it except for Apple Pay
Thanks for the info. My wife is unfortunately locked into iPhone due to work standard, but something to keep in mind long-term.
That said, LassPass says that when Firefox supports U2F, they will also try to support it. So maybe the OTP stuff is not that important.
Dashlane Password Manager already supports it.
That said, Apple doesn't advertise the iPhone as having NFC. It's just an implementation detail for the features they do advertise.
Will Apple support NFC tags in iOS 10 for the iPhone 7? :
https://gototags.com/blog/will-apple-finally-support-nfc-tag...
https://gototags.com/blog/apple-iphone-7-support-nfc-tags/
You want a Y4 if:
* You SSH into sensitive machines.
* You log into a VPN that you control and can configure to use the Y4.
* You're actually relying on PGP.
ECC keys should work, but haven't tried that (I use RSA-4096).
[1]: https://developers.yubico.com/PGP/SSH_authentication/
https://github.com/lfit/ssh-gpg-smartcard-config/blob/master...
https://developers.yubico.com/PIV/Guides/
There are a number of tools you can install yubico-piv-manager/yubico-piv-tool but check the guides.
I had some problems with this, somehow I could not add the key to ssh-agent, but that was related to the ssh-agent, not sure its a general problem.
Note, this does only support 2k keys. If you use the GPG Smartcard and a Authentication Subkey you can get 4k keys. The advantage of PIV is that you can actually use ssh-agent and you don't have to use gpg-agent. Gpg-agent does not have all the features that ssh-agent does, and for me that was relevant.
I prefer to keep the two separate anyways.
EDIT: Never mind, it works perfectly, thanks!
How did you solve it?
Unfortunately, there's no perfect solution, so I just added an alias "yubissh" to include the library in the command line :(
I haven't found anything else that manages RSA Keys, TOTP auth and U2F in a single package. I'm going to buy this because it plugs into my pixel phone and it seems like it'd be more secure and convenient than my current Neo with NFC.
The actual usage is exactly the same as Google Authenticator with 1 more step (NFC with NEO or plugging in the yubikey 4) to get the OTP.
I was in a pinch once and had to do TOTP, so I grabbed the phone of my friend, downloaded the app and used it to log in.
If you're on Ubuntu you can use the package yubioath-desktop from this PPA:
https://launchpad.net/~yubico/+archive/ubuntu/stable
Preferably looking for something open-source and in no way associated with Google.
The sweet spot is for Bitcoin wallets, but it does the other stuff (U2F, ssh, gpg, passwords). Hardware is interesting. Everything open source. You can add your own "apps".
U2F: https://blog.trezor.io/secure-two-factor-authentication-with...
The external screen add even more security and that is very cool. UAF/U2F both have support for external monitors in the protocol, so its really good security.
The ssh/gpg stuff is less advanced then that of the Yubikey, all guides suggest running some special scripts. With the Yubikey you can set it all up so this is not needed. Maybe this works with the Trezor, but I didn't find any guides for this.
I really want Trezor to support UAF as well, given that it has a PIN entry system, this should work.
If you need a Bitcoin Wallet, Trezor is cool, if you want a tool primary for login (U2F/OTP/TOTP), a Yubikey is preferable.
I think that makes it even more secure. Google house lots of people running around with these.
That reminds me of how for a long time people were saying that encryption influenced and blessed by the NSA must be secure because government agencies were using it and the NSA wouldn't weaken their encryption.
Turns out they did.
Source: https://news.ycombinator.com/item?id=13033080
Paging HN user and product vendor: lisper
Unfortunately the guy who is doing it no longer has time for it.
How so? I would keep this on a keychain or lanyard (it looks rugged enough to handle that sort of environment). When I need to authenticate, I plug it in, when I'm done, I unplug it. That seems a lot more secure than leaving it in the computer all the time. If someone gets my computer and the YubiKey is always installed, that sort of defeats the purpose of having a separate hardware security device. In that case, why not just use Keypass?
When I leave my computer out of my eyes it usually locked (unlock with password), so I don't expect somebody to quickly go in and do something. If I leave for longer, I sometimes pull the Nano out and put it somewhere I don't lose it for a while.
The advantage of your system is that you can use the U2F screen unlock instead of the password.
Take the devices you use: how many exploits have there been in the last year where an attacker who could get you to click on a link, view an image, etc. could run code on the device? Maybe you have something like the iOS sandboxing between application which would stop a compromised browser from compromising your authenticator app but there are many cases where attackers have been able to bypass that.
Using a hardware token prevents almost all of those attacks and means that if you are compromised you'll have an easier time regaining control. They also have some nice benefits such as not running out of battery when you need them in an emergency.
This thing might protect from keyloggers but useless against proper malware that just waits for you to authenticate.
Those companies are usually financial services, online games with monthly subscriptions, and corporate IT/Security services. So they have a high customer LTV and the investment is worth it for them.
Yubico was smart to go after that market. It is costly to design, mould, manufacture, sell and support a hardware product, even something as small as this. Since you don't want your 2FA company to go out of business there is good value in knowing they have a stable business model that can actually support a company rather than just burning capital.
Pure U2F sticks can be done much cheaper. The Yubikey one only costs 18$, but the U2F standards was designed for cheap devices. You can get U2F sticks for less then 10$ on amazon.
but for your family, it is better than nothing and much more cost effective.
The only issue is that the hole for the key ring has a thin wall, so I have a plastic coated keyring to prevent the metal from rubbing the hole.
Interesting. How does that work? Have you any references to that?
The NXP chips inside the yubikey claim to be hardened against several such attacks (although I have not confirmed).
NXP is a cagey company. For example, I am a researcher, and I wanted to get the yubi-key's unlocked to write and test new u2f protocols on their hardware. They wouldnt sell me development keys, and claimed that the restriction was placed on them by NXP. I wrote half-a-dozen requests to the NXP people, and they never replied.
https://amazon.com/HyperFido-K5-FIDO-U2F-Security/dp/B00WIX4...
It's even easier for Github and Google Mail. For web services, the right stack is:
* Hardware U2F token
* Backup software TOTP (Duo or Google Authenticator or whatever)
* Backup printed (or saved on offline USB key) passcodes
* Disabled SMS.
Unlike SMS, which is devastating to security even as a fallback, having a software TOTP option is basically fine; most of what U2F buys you is unphishability. This leaves you with two levels of backup, one of which is reasonably secure indefinitely.
But if I'm, say, protecting my GitHub account against Russian mafia hackers, that still seems perfectly fine?
You might need to remove it as an account recovery number as well. Those can effectively downgrade your login to one factor.
This was the answer. Google prompt isn't allowed with hardware tokens. Backup codes evidently don't count. So the only way is to set up Google Authenticator on a phone. Authenticator from f-droid works. After I set up Authenticator, I no longer got the "Something went wrong. Try again" toast when trying to delete the sms number.
Edit: Just realized what Yubico Authenticator is for :)
You have to have TOTP and Backup keys. Maybe this is a recent change.
I've been SSH w/ yubikey key only for about 6 months now and haven't had any issues with it. I regularly move between multiple computers. Once I set it up on one computer I've never had it take more than 15 minutes to get up and running on any computer I've need it on (window or linux).
The only thing I'm really missing is the ability to log into my server from my phone. There was some talk of getting ConnectBot and Open-Keychain talking to each other to get this working but it appears to be stalled.
U2F (Google, Dropbox, Facebook, Github, Bitbucket), TOTP (Slack and everybody else that does not support U2F), Yubikey OTP (LastPass), static password for luks decryption (additionally to normal password), GPG Smartcard
The only feature Im not yet using is the PIV SSH stuff.
I also just like hitting the button and printing out OTPs when Im boarded.
Same thing goes for anything else involving GPG keys - email, signing git commits or tags, software releases, etc.
I don't personally use it for OTP. I do use it for services that support U2F (which is different from OTP, and has the main advantage of being immune to phishing).
Lets go threw it. Yubikey supports a number of different 2FA workflows. It supports TOTP (together with a phone), HOTP, Yubico OTP (that is there own standard based on HOTP) and of course most importantly U2F. U2F the new and improved 2FA standard that gives you interesting things like phishing protection.
It can also be used to issue a static password, and it can also be used in a ChallangeResponse mode (you send something it and it will get hashed). Both of these can be used to do decryption while booting for example.
Now lets get to the more advanced stuff. Yubikey is both a GPG Smartcard and a PIV Smartcard. Essentially this allows you plug in your Yubikey and then automatically your GPG and SSH keys will appear as if they are on the system. If your program, for example Thunderbird or SSH, tries to use the private key, it will require a PIN.
This allows you to have no key material on your computer. If you are hacked the attacker has no access to your private keys (and hopefully thanks to 2Fa not to many of your accounts). Even if you lose the keys themselfs your keys will probably not leak.
Depending on your situation and security needs you will want this stick either always plugged in your machine, or you want to carry a stick around on your keychain.
As for how to set it up, Yubico has lots of documentation.
https://developers.yubico.com/
If you have questions, you have my keybase :)
[1] https://www.yubico.com/why-yubico/for-businesses/computer-lo...
https://www.yubico.com/2016/05/secure-hardware-vs-open-sourc...
The drawback is that the code could be long. A few years ago, the codes were just 6 digits. My latest nano spits out a very long (20 char?) alpha-numeric string.
Is this Yubikey capable of something similar?
That being said I got a bit concerned about the use of closed source components in newer yubikeys (I believe that the yubikey 4 is open source and the later ones aren't, but don't trust me on that).
For this reason I also bought a nitrokey as a backup. It's a bit slower than the yubikey (I use 4096bit keys) but it works well. I really don't like the plastic cap on the nitrokey though, I feel like I'd lose it within a week if I started using it as my main key. The Yubikey doesn't have any protection at all but it looks sturdy enough that it doesn't really matter. It's been on my keyring for months and it seems to handle the abuse just fine.
However, with the Yubikey you can type in your password, then have the Yubikey enter your static password. That way you sort of get 2FA for the unlock screen.
Was expecting to be able to use it to log in to Google using their 2FA key.. but only works on Windows from what I can see...
Anyone know anything about this?
https://developers.yubico.com/libu2f-host/
or maybe even better:
https://github.com/amluto/u2f-hidraw-policy
On the Yubikey its also possible to deactivate individual modes. If somehow U2F mode was disabled, it should not work anywhere, but if you don't use the other modes, maybe deactivate them. In earlier version there were some problems.
Probably its the first one.
[1]: http://www.kingston.com/us/usb/personal_business/DTDUO3C
https://www.yubico.com/product/yubikey-4-nano-usbc-bundle/
I don't see the point of a dual device except to add size and expense. I'd rather just go with a dongle, as it can be reused.
Biometrics are fine to identify someone. Biometrics, being public data, is not acceptable for authentication nor authorisation.
To use another example:
You get to border control, and present your passport. The agent ensuring that the description in the passport matches the person standing in front of him/her, that is identification. The agent verifying that your passport is genuine and valid, that is authentication. The agent giving you access to a country based on the laws and arrangements between those two countries, that is authorisation.
Anything that can be copied/stolen with a good enough picture or forgotten glass/mug is not good enough for authentication/authorisation.
And even if it was; if someone is willing to physically intervene in your security by stealing your YubiKey, chances are they are willing to 'coerce' you to cooperate with unlocking a biometric lock as well…
Sooooo... fingerprint auth is a useless security measure even for normal citizens.
http://blog.dustinkirkland.com/2013/10/fingerprints-are-user...
* Something you know - the service's password
* Something you have - the phone with the authenticator
* Something you are - your fingerprint
EDITED - formatting
Yubikey has been around a long time and has made every effort to be a transparent company with a support for open source. Truth is, that is sometimes hard to do.
I found this article rather interesting, back when it first came out: https://www.yubico.com/2016/05/secure-hardware-vs-open-sourc...
>Reminder that open source projects are not provably more secure, nor is it easy (or even possible in many cases) to assert the source you see made the binary in question.
I can (and do) read the code for security-related software, and I can at least check for obvious backdoors and flaws myself. With reproducable builds it is possible to assert the source you see made the binary in question (and security related software must support reproducable builds for this reason).
If you want to convince yourself the product is secure, that's up to you, but it's not.
So yeah, there is a reason they didn't do that. The hardware they're using specifically makes it difficult to do the verification you want to do. Which is directly related to foiling the kind of attacks they want to foil.
> If you want to convince yourself the product is secure, that's up to you, but it's not
I think we have the same goal, but you have a conviction that open source stops "obvious back doors." It in no way would help that at all in this case. The hardware is configured before it is shipped, then locked in a way designed to prevent rewriting or inspection. You have no rational basis for the belief that the source code on a website and the binary a malicious and deceptive actor would deploy to the hardware are the same thing.
Being open source only affects the way security auditing can be done. It doesn't guarantee better quality.
>So yeah, there is a reason they didn't do that. The hardware they're using specifically makes it difficult to do the verification you want to do. Which is directly related to foiling the kind of attacks they want to foil.
Then they've chosen the wrong hardware. This doesn't make it more secure, it just explains why their product is insecure.
>I think we have the same goal, but you have a conviction that open source stops "obvious back doors." It in no way would help that at all in this case. The hardware is configured before it is shipped, then locked in a way designed to prevent rewriting or inspection. You have no rational basis for the belief that the source code on a website and the binary a malicious and deceptive actor would deploy to the hardware are the same thing.
I already addressed this - reproducable builds. I don't have to take anyone's word for it.
If the hardware is more resistant to hardware and software attacks, it seems odd to then deem it less secure just because you don't get source code that isn't guaranteed to correspond to a given binary.
> reproducable builds
There's so much literature on how this methodology fails, some of it quite famous. There is no assurance that your device conforms to the build you can reproduce, unless you can arbitrarily inspect the state of the entire device at each step. Being able to do that would defeat the purpose of these devices.
It may be, but there's no guarantee it behaves the way it claims to. There's no guarantee it's not backdoored. There are powerful actors involved in these areas.
>There's so much literature on how this methodology fails, some of it quite famous. There is no assurance that your device conforms to the build you can reproduce, unless you can arbitrarily inspect the state of the entire device at each step. Being able to do that would defeat the purpose of these devices.
Care to cite some of this literature?
It renders your point about source code moot though, doesn't it. Security is ultimately the art of trust propagation.
> Care to cite some of this literature?
The most famous discourse here is the "untrustworthy compiler problem." Most famous citation is by none other than Thompson: https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thomp...
Trust chains are their weakest link, and people often put a lot of trust in compilers without really asking what it is doing. Not unlike crypto, we're told not to roll our own.
People have proposed ways around this, but they're not very good (http://imgur.com/a/BWbnU#0). The moral of the story is that at some point, you extend trust to someone. Security is never absolute.
I don't see how that follows. If I can audit the source code and confirm that the same code is running on the device, the weak link is reduced to my ability to aduit it (combined with everyone else who's auditing it as well and might publish their findings).
>The most famous discourse here is the "untrustworthy compiler problem."
I thought this might be what you're talking about, but this is ridiculous. Do you really think that the Yubikey folks have backdoored my copy of gcc? Dude.
And if the hardware itself has microcode that overrides your code?
> but this is ridiculous. Do you really think that the Yubikey folks have backdoored my copy of gcc?
Actually, I think the first and foremest threat would be, "Could someone insert a yubikey into a malicious device that changed its behavior such that it now leaks information and does not provide actual security."
Because those kinds of attacks actually exist. Ultimately, what you're arguing for is the pleasure and moral superiority of being able to do that audit. Not only does that audit not give you many guarantees, but giving you the ability to do that audit opens you up to much more sinister attacks.
Hard to defend against this, but it can be helped by using well understood architectures and letting us confirm that the microcode being run is the same microcode that the upstream CPU vendors are publishing.
>Actually, I think the first and foremest threat would be, "Could someone insert a yubikey into a malicious device that changed its behavior such that it now leaks information and does not provide actual security."
I'm not going to keep entertaining this discussion if you keep disregarding everything I've already said. I've already said I'm only asking for read-only access. In any case, defending against physical compromise is close to impossible anyway.
And I've addressed that.
> In any case, defending against physical compromise is close to impossible anyway.
This is a non-statement. I think your religion is getting in the way of further discussion. Goodbye.
Unless you physically inspect each and every device (since they could easily run multiple lots) your faith is in the fabrication of all of the ICs used in the design. Not to mention that the computer you stick these into suffers from the same problem. On the theoretical side, all of the math which this is based upon is probably taken by most people on a faith basis. There is a lot of faith to go around. It just depends where you draw the line.
- Microprocessor can look at the binary, recognize the patterns ("oh, this is OpenSSH trying to generate a key... lets give them an easily breakable one") and do whatever it wants with it.
Remediation: build your own compilers, build you own processors, from your own schematics, in your own foundry (cost: $billions), built by yourself.
Good luck?
The audience here is unlikely to send a check to the Nigerian prince looking to smuggle his money to America, but if you're arguing that we shouldn't trust yubikeys against APT backdoors, we're talking about a much higher quality of phishing.
I'll take my odds with yubikeys firmware rather than try to vet every site I enter a TOTP code into
>The available data
source?
Obviously the vast majority of people who use these devices are able-bodied and are able to use them as designed, but if somebody solves this problem there really is a market for it. They are great products, and if it weren't for this one stumbling block I would definitely be using them in my daily life. The inside of my laptop is the only privacy I have, and being able to have complete control over the locking and unlocking of it would be amazing.
It would be great if Apple made it possible to use the accessibility software on the login screen, that way I could tap in my own password but you can't use the accessibility software until you are inside the OS. Grrr.
Anybody got any ideas about how I could solve this, or any direction I could investigate?
(Sorry for mildly hijacking the thread, but thought it was somewhat relevant)