Conversation

Replying to

and

but the fact that the WebUSB folks immediately yolo'd themselves into breaking the FIDO security model does not speak well of the amount of prior planning that's been put into changing the longstanding assumptions about what can access USB devices ref:

yubico.com

WebUSB in Google Chrome and Responsible Disclosure

In 2018, Yubico worked with Google to help address security vulnerability issues for WebUSB in Google Chrome that affected FIDO U2F authenticators

Replying to

and

It's already broken for a compromised device. When I use FIDO login with my Trezor Model T, it shows me the site identity on the touchscreen and I have to allow it there. The security key design is already broken if it relies on the OS / browser not being compromised.

Replying to

and

historically users are really really bad at comparing things on two different screens IMO the FIDO model is broken in all sorts of ways, so this might just be an artifact of that

Replying to

and

In general, I don't think an HSM without secure input and output can actually provide as much as people expect from them. For example, a hardware wallet for Bitcoin with no display lets an attacker send a million dollars to themselves when you confirm buying a pizza with it.

Replying to

and

So, a proper hardware wallet has a screen and secure input. Ideally, it has a touchscreen or physical keyboard rather than just a few buttons. HSM design in the Bitcoin world is so much more advanced in terms of the workflow and threat model of a traditional HSM. Find it weird.

Replying to

and

Like being able to back up your seed on paper or with something like cryptosteel.com/product/crypto via it being displayed on the screen once when initializing it. If my Trezor Model T dies, I can initialize a new one with the seed and set the counter to UTC time and I can still login.

cryptosteel.com

Cryptosteel Cassette Solo

The classic design of Cryptosteel Cassette established the offline metal backup market with a lightweight and portable solution.

Replying to

and

- we should do BIP39 recovery keys for ArmorLock so people can save them via the Cryptosteel Cassette (see above)

Replying to

and

They also have these now, which are more flexible: cryptosteel.com/product/crypto BIP39 is more compatible with different things though. There are also guides on splitting up a 24 word seed into 3 parts where 2/3 are enough to recover the whole thing, etc.

cryptosteel.com

Cryptosteel Capsule Solo - Give your backup the security of solid steel

The Cryptosteel Capsule Solo stores up to 123 ASCII characters in stainless steel. Perfect for cold storage backups of recovery seed phrases and passwords.

Replying to

There's a major advantage to using a format with a lot of thought put into it and an ecosystem around it. I don't like when apps roll their own crappy approach like Signal's string of digits for the encrypted local backup / restore option. It's a lot less usable.

Replying to

and

unfortunately we are definitely in the "string of digits" camp at the moment, but this is a good incentive to put the time and money into the string-of-words approach even if it means getting more wordlists created

Replying to

and

I also just realized github.com/satoshilabs/sl exists as a standard.

5:32 AM · Jan 25, 2021Twitter Web App