i find it really interesting that, while making a lock that resists picking by -doing nothing- is pretty complex and expensive, making a lock that resists picking by -permanently failing closed- is damn near trivial
Conversation
it's interesting because, observing that almost no locks on the market use trap pins (based on some quick googling), one can conclude that people value availability much more than security, in general
6
13
61
most locks aren't security devices! they're... availability devices. they must provide high availability for you and slightly lower availability for everyone else. but not much lower or they become bad
Quote Tweet
Replying to @whitequark
I think "locksmith can just pick it for you so you can get your keys" is a much more important usecase than preventing a sneaky home burglary
3
11
61
anyway, apply this thinking to infosec and you'll understand why i consider personal (non-enterprise) use of HSMs like Yubikey hard to justify (* see caveat). they focus on security but availability is generally more important, and it's so easy to lose or break them
3
4
30
Replying to
Trezor Model T can be used for U2F / SSH / GPG in addition to the baseline wallet functionality, and it provides a proper recovery mechanism. It has an implementation of backing up and restoring the seed phrase by writing it down without exposing it to a general purpose computer.
1
1
You aren't locked in to the specific hardware for recovery either, and there's an official software emulator for the device. There are other compatible hardware implementations too, although U2F/SSH/GPG support based on the BIP39 seed is less portable than wallet functionality.
1
1
github.com/romanz/trezor- supports 4 hardware wallets in a portable way right now. I'm unsure on whether the Ledger and KeepKey U2F implementations are fully interoperable, but the Trezor firmware and board design is open source + there's a software emulator so there's no lock in.
2
2
Sure, Trezor/Ledger is a huge improvement in terms of availability over YubiKey, by virtue of offering and insisting on setting up a recovery seed, but it's still significantly easier to permanently lock yourself out of identities/coins on Trezor than a physical lock.
2
1
The main thing that really needs to be done is properly backing up the recovery seed. One option is using 24 words and then splitting up the seed into 3 physical backups using a product like cryptosteel.com where 2/3 of the backups are needed to recover the full seed.
1
Losing the Trezor itself, having it break, forgetting the PIN, etc. isn't particularly important as long as there are proper backups. It's completely sensible to buy a 2nd one to restore the seed from the first one onto it in advance. Using multisig would be for more security.