Whoops, @Yubico just scored 31% on the Sony PS3 Epic Fail scale. Collect three signatures from a FIPS Yubikey and you can calculate the private key.https://www.yubico.com/support/security-advisories/ysa-2019-02/ …
-
Maybe not insecure, but unsafe...
The problem is that AFAICT there is nothing out there that is open/auditable *and* runs on a secure MCU. All of those are NDA'ed crap. So you get to pick: insecure CPU, or unauditable code.
-
-
And there is the crux of the problem. Unfortunately, nobody seems to want to develop a chip without building a wall around their IP.
-
Some people want to do good *and* pay rent. Some people want to manipulate the system for optimal gain. How do you discern?
End of conversation
New conversation -
-
-
Do chips built for DRM/payment processing provide any value for this use case? We expect low-cost tamper resistance to be bypassed with proportional investment. Increasing risk of catastrophic failure vs remote attackers due to NDA-induced overconfidence doesn't seem worth it.
-
There are lots of good secure processors hiding behind NDAs. It’s not that hard to execute the right paperwork and get the documentation and utilize those. There’s bad product as well, but plenty of good.
End of conversation
New conversation -
-
-
What about the STM32L432? (Sorry, just curious what bar ‘secure mcu’ is. Not trying to troll.) https://github.com/solokeys/solo/blob/master/README.md …
-
Looks like a generic MCU to me, nothing intended for security. You want things like anti glitching, active mesh, hardened CPU core.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.