14 Jan 2024 |
Savely Krasovsky | In my opinion Kellerkind is a little bit categorical. The SoloKeys team is alive, but Solo 2 probably won't receive any updates soon, or probably at all. Also it's not FIDO certified. I could not recommend them as FIDO2 keys for now. | 20:14:41 |
nyanbinary | TKey seems more like a small computer | 20:32:23 |
nyanbinary | But Solokey 2 is also a small computer (kinda) | 20:32:34 |
nyanbinary | Since users were intended to be able to run apps on them too right? | 20:32:49 |
nyanbinary | Built with Trussed | 20:32:52 |
Savely Krasovsky | All security keys is kinda small computers. Solo and TKey just could run apps and allow to sideload it (Yubikeys also has kind of apps, but you cannot update them or install new). | 20:34:42 |
nyanbinary | Also | 20:55:56 |
nyanbinary | it seems like the TKey is more powerful than the Solokey? | 20:56:07 |
Savely Krasovsky | * All security keys are kinda small computers. Solo and TKey just can run apps and allow sideloading them (YubiKeys also have a kind of apps, but you cannot update them or install new ones). | 20:56:46 |
nyanbinary | can anyone confirm :3 | 21:11:17 |
Kellerkind | TKey is a whole different approach, as there is no user data stored on it.
It is implemented on an FPGA that has an open source tool chain.
So it runs a soft core CPU rather than being dependent on a CPU from a manufacturer. | 21:16:09 |
Kellerkind | https://tillitis.se/products/threat-model/ | 21:20:45 |
Savely Krasovsky | In reply to @jannf:matrix.org TKey is a whole different approach, as there is no user data stored on it. It is implemented on an FPGA that has an open source tool chain. So it runs a soft core CPU rather than being dependent on a CPU from a manufacturer. In that case the FIDO app will need to store encrypted material on the user's machine? | 21:24:43 |
nyanbinary | In reply to @jannf:matrix.org TKey is a whole different approach, as there is no user data stored on it. It is implemented on an FPGA that has an open source tool chain. So it runs a soft core CPU rather than being dependent on a CPU from a manufacturer. Hmm how would this go up against the Solokey v2? | 21:40:40 |
Savely Krasovsky | It depends on what is important for you. An FPGA excludes any possibility of a vendor hardware exploit from the NSA or similar. | 21:42:01 |
Kellerkind | In reply to @krasovsky:envs.net In that case FIDO app will require to store encrypted material at user machine? No, but I think things are derived from a value that is stored at the lifetime programming of the small one-time programmable memory | 21:42:09 |
Kellerkind | They also sell an "unlocked" version where you could program that area yourself | 21:43:50 |
nyanbinary | In reply to @krasovsky:envs.net It depends on what is important for you. An FPGA excludes any possibility of a vendor hardware exploit from the NSA or similar. Security and Open Source | 21:43:48 |
nyanbinary | is important :3 | 21:43:51 |
Kellerkind | For me the current go-to would still be the Nitrokey 3, as they use/develop Trussed and implement a GPG smartcard. | 21:44:55 |
Savely Krasovsky | In reply to @jannf:matrix.org They also sell an "unlocked" version where you could program that area yourself Could the TKey approach even be certified by FIDO btw? | 21:45:12 |
Savely Krasovsky | I see it more like a "fun" addon option like in Trezor or Flipper Zero. | 21:46:27 |
nyanbinary | in theory it's a full HSM | 21:49:19 |
nyanbinary | just pluggable | 21:49:23 |
nyanbinary | Also there's serious weight behind these ppl | 21:49:34 |
nyanbinary | It's a spinoff of Mullvad VPN | 21:49:42 |
nyanbinary | the people who made the TKey | 21:49:48 |
Savely Krasovsky | Yes, I read already. | 21:50:25 |
nyanbinary | Also to note it uses an open RISC-V design | 21:54:25 |
nyanbinary | Why hasn't Nitrokey gone the FPGA route btw? | 21:54:54 |