So, the problem with USB tokens is that we basically have two choices:
- Unauditable black boxes built on *supposedly* more secure ICs that require NDAs to develop for
- Open and auditable, but definitely pwnable, off-the-shelf microcontrollers
Which poison do you prefer?
Keep in mind that this depends on your use case, e.g. a key keeping SSH keys needs to be more secure than a key used for FIDO U2F login for a handful of websites, because the latter is a second factor only and easier to revoke/replace.
Also keep in mind that open does not mean secure, I've seen some absolutely abysmal firmware in "open" firmware projects along these lines too. I guess what I'm asking is whether it's worth doing #2 "right" with the caveat of being vulnerable to physical attacks.
What about the Nordic offerings? https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF52840-Dongle seems like a good alternative to any random STM32 for this kind of application.
Looks like that has some nice crypto accelerator stuff, but it doesn't mention any kind of hardware hardening. I'm not sure if it's substantially better; maybe it helps a bit with secret extraction *if* you use a battery backup?
You don't need to "hope", there are active mitigations to physical attack vectors.
@Trezor actively promotes using a passphrase, which can give you measurable protection against physical threats (in contrast to just hope and trust in the case of an SE). https://blog.trezor.io/is-your-passphrase-strong-enough-d687f44c63af
Ideally you have *both* physical attack mitigations *and* a strong passphrase that cryptographically wraps your private key.
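As an added illustration of that last point (example code written for this edit, not posted by anyone in the thread and not Trezor's or any vendor's implementation): a private key wrapped under a passphrase, plus the arithmetic behind "measurable protection". It uses only the Python standard library, so it assumes PBKDF2-HMAC-SHA256 with an arbitrarily chosen 100,000 iterations and an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC standing in for a real AEAD such as AES-GCM; the 32-byte "private key" and the passphrases are constructed placeholders. The point it makes: an attacker who extracts the wrapped blob from the flash of a pwnable MCU still has to brute-force the passphrase offline, and the cost of that is a function you can compute rather than a property you have to trust.

```python
import hashlib
import hmac
import math
import secrets

# Assumption for this example: the iteration count is arbitrary. A real device
# would tune it to its CPU budget; an attacker with the extracted blob picks their own hardware.
KDF_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(passphrase: str, salt: bytes, iterations: int):
    """Stretch the passphrase into independent encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=64)
    return km[:32], km[32:]


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real stream cipher / AEAD."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(private_key: bytes, passphrase: str, iterations: int = KDF_ITERATIONS) -> bytes:
    """Encrypt-then-MAC the key under passphrase-derived keys.
    Blob layout: salt | nonce | iterations (4 bytes) | ciphertext | tag."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt, iterations)
    header = salt + nonce + iterations.to_bytes(4, "big")
    ciphertext = xor_bytes(private_key, keystream(enc_key, nonce, len(private_key)))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def unwrap_key(blob: bytes, passphrase: str):
    """Return the private key, or None if the passphrase is wrong or the blob was tampered with."""
    hdr_len = SALT_LEN + NONCE_LEN + 4
    if len(blob) < hdr_len + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    iterations = int.from_bytes(blob[SALT_LEN + NONCE_LEN:hdr_len], "big")
    if iterations < 1:  # a tampered header must not make the KDF raise or run with no stretching
        return None
    ciphertext, tag = blob[hdr_len:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt, iterations)
    expected = hmac.new(mac_key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def passphrase_entropy_bits(num_words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase made of uniformly random words from a wordlist."""
    return num_words * math.log2(wordlist_size)


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected offline brute-force time for an attacker holding the wrapped blob."""
    return 2 ** (entropy_bits - 1) / guesses_per_second


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed placeholder for a device private key
    blob = wrap_key(key, "correct horse battery staple")
    assert unwrap_key(blob, "correct horse battery staple") == key
    assert unwrap_key(blob, "wrong passphrase") is None
    bits = passphrase_entropy_bits(4, 2048)  # e.g. four words from a 2048-word list
    days = expected_crack_seconds(bits, 1e6) / 86400
    print(f"{bits:.0f} bits of passphrase entropy, ~{days:.0f} days at 1e6 guesses/s")
```

The entropy numbers are where "measurable" comes from: the attacker's guess rate against a software KDF is bounded only by their hardware budget, so the passphrase has to carry the bits itself. A short PIN behind an SE relies on the chip's retry counter; a passphrase wrapping the key relies on arithmetic, and the two mitigations stack.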