You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
So, the problem with USB tokens that we basically have two choices: - Unauditable black boxes built on *supposedly* more secure ICs that require NDAs to develop for - Open and auditable, but definitely pwnable off the shelf microcontrollers. Which poison do you prefer?
So far I've favored the first one, because you *know* all those keys based on a random STM32 are going to be glitchable, and closed stuff *might* be better. But after ROCA and other fails, maybe open firmware is better and just hope nobody physically attacks your key?
Keep in mind that this depends on your use case, e.g. a key keeping SSH keys needs to be more secure than a key used for FIDO U2F login for a handful of websites, because the latter is a second factor only and easier to revoke/replace.
Also keep in mind that open does not mean secure, I've seen some absolutely abysmal firmware in "open" firmware projects along these lines too. I guess what I'm asking is whether it's worth doing #2 "right" with the caveat of being vulnerable to physical attacks.
wasn't that the whole motivation to create the tomu?
The tomu still doesn't have a "secure element".
Well, I'd imagine that most people will keep them on them and within their sight at all times. If they can be trusted to revoke the keys if they leave their sight, and if the owner of the key doesn't mind the end user having access - that'd probably be most of the threat model.
Using epoxy resin embedding w/ non-conductive glitter and photo identitifcation cards, it should be possible to create a tamper resistant case for microcontrollers which are otherwise physically insecure - given the above.
To an extent yes, but secure elements are supposed to have actual security features (security meshes, voltage/clock monitoring, etc) that typical micros do not.
the OSS poison. At least you can work with lots of others to make better firmware etc
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
