2 Aug 2023 |
@Guest7522d:libera.chat | of course on device cred generating would be best, but if the mooltipy allows for ability to add creds via command line that is very nice | 18:38:51 |
@Guest7522d:libera.chat | another question..... I'm paranoid about supply chain security, like device getting tampered with in shipping, possible to disassemble device to inspect or is it sealed? | 18:39:31 |
@bunni:libera.chat | looks like mc-cli can do it for sure. I think the py library can do it as well. | 18:39:57 |
@Guest7522d:libera.chat | they might still need the moolticute daemon though? | 18:40:20 |
@Guest7522d:libera.chat | (I just try to avoid go due to security concerns with golang) | 18:40:38 |
@bunni:libera.chat | the device is sealed and nearly impossible to open non-destructively. limpkin can tell you more about the supply chain. But, AFAIK, parts are bought from reputable distributors, chips programmed/secured before going to CM, etc. Don't quote me on those points though. | 18:41:52 |
@Guest7522d:libera.chat | living in USA I'm worried about it being tampered with in transit by spooks | 18:42:33 |
@Guest7522d:libera.chat | shouldn't be difficult to replace the case right? | 18:42:49 |
@bunni:libera.chat | I'm not sure, mc-cli does hint that it needs moolticuted (which is separately buildable) | 18:42:56 |
@Guest7522d:libera.chat | if cannot disassemble, would i ever need to replace the battery? if battery dead i can use with usb power? | 18:43:32 |
@Guest7522d:libera.chat | sorry, a lot of questions | 18:43:45 |
@bunni:libera.chat | I mean, before the device leaves the factory it's all set up with keys etc., hard to tamper with in shipping, and there are ways to reach out to manuf to verify the hashes all match based on your device. Even still, the final credential database is entirely secured by the key stored in the smartcard. The point of the device security is, AFAIK, purely for signing and trust. From that, the smartcard has the key (with its own set of internal | 18:45:22 |
@bunni:libera.chat | security). | 18:45:22 |
@bunni:libera.chat | I don't think replacement parts are sold, I'm not sure how hard it would be to get a case. They are numbered as well in the case and that's part of the device's identity | 18:45:52 |
@bunni:libera.chat | battery is nimh, in theory, has a nearly infinite lifetime (or at least 10+ years on paper). Basically, so long as the batteries are internally maintained (which the minible does) there are ways to continue to have it to hold a charge for many many many years. Even if the battery is fully dead, the device is indeed powered over USB | 18:47:11 |
@Guest7522d:libera.chat | nice | 18:47:51 |
@Guest7522d:libera.chat | i may just use the cli tools for cred creation after setup, while encouraging native implementation of on device cred generating. i just gotta figure out how to flash firmware with this | 18:49:25 |
@Guest7522d:libera.chat | Compile with make clean && make DEFINES=MINI_CREDENTIAL_MANAGEMENT. | 18:49:26 |
@Guest7522d:libera.chat | https://github.com/limpkin/mooltipass/pull/216 | 18:49:34 |
@Guest7522d:libera.chat | this might be what I'm looking for | 18:49:43 |
@bunni:libera.chat | FWIW I don't have sources to cite, but I found the nimh conversation that appeared here in the past: https://pastebin.com/ZAYrYLPQ | 18:51:48 |
@bunni:libera.chat | So, that is for the mooltipass/mini, the minible is a separate project. See my previous link to it | 18:52:34 |
@bunni:libera.chat | I'm not sure if that exists in the minible, but you are welcome to look. | 18:52:54 |
@bunni:libera.chat | I _do_ have old minis that I'd happily part with if you want that feature and you trust me since they were hand built lol | 18:53:23 |
@Guest7522d:libera.chat | anyone know if possible to build moolticute app for alpine linux, aarch64 (arm cpu). alpine uses musl libc | 18:55:22 |
@Guest7522d:libera.chat | I may try to make an alpine linux package for this, not sure if it will be successful or not though | 19:24:20 |
barath | Not tried with musk but I think aarch64 is no problem | 19:34:55 |
barath | *musk, obviously musk has problems | 19:35:09 |
@Guest7522d:libera.chat | order placed :) | 19:35:13 |
barath | *musl xD | 19:35:18 |