Replying to Avatar Dr. Hax

Overall: I'd expect the security to be comperable with your threat model and use case making the difference.

In both cases, a physical attacker is still a threat. They could watch you type in the pin if you ever used it in public. Passwords entered on a keyboard are harder to pick up that way, but easier to snag if you use the device on a compromised computer. But in neither case can some random person who just happened to find your device get into your accounts.

If the device is lost, I'd slightly favor the Signet because I know the key material is not there, unlike the onlykey where we know it is there. They should be hardened against key hardware key extraction/bypass techniques, but without the firmware source, we just have to trust them when they say they had someone review it.

Speaking as someone who has done professional security reviews for many closed source products, I can say a few things:

1. Hardware security testing is more expensive and therefore done less often and less thourougly

2. Some companies get security reviews primarially for marketing purposes, others really just want to make sure their stuff is secure. It's impossible to tell these apart from the outside and thr people who do know have signed agreements to not talk about it.
Avatar
Dr. Hax 2y ago

I really do like that the pin is entered directly into the device for onlykey. This allows it to be used to safely unlock a computer, which is a feature Signet lacks.

The Trezor Model T has pin entry on the device too too (but that does not store passwords, it only does FIDO2 for authentication). This works fine for my machine, where I have FIDO2 logins set up, but most apps, websites and software don't support FIDO2.

Another issue that worries me is if the people making the device stop doing so. This happens all the time with corporate products being sunset. It also happened with the Signet! The original authors are gone. However, because it is fully open source, I was able to pick it up and start building devices. I plan on continuing support for at least as long as the components are still being manufactured.

In fact, it looks like OnlyKeys are currently sold out, which is exactly how my recent experience with Signet started. First it was sold out, then I didn't get a response to my inquiry as to when they'd be back in stock...

As long as everything is perfectly implemented in the firmware, the OnlyKeys really shine with the extra features like TOTP, FIDO2, and PGP support.

Personally, I know too much about software security for more features to be a selling point for me. I'm less confident in it's ability to withstand software only attacks when it is unlocked. Since I feel like one of the main points of using a hardware password manager over a software one is that it can remain relatively safe on a compromised computer, I feel like this is a pretty legit concern. This comes back to people's threat model though. If they assume there are not any dedicated attackers after either them or OnlyKeys, then this doesn't really matter in practice.

Signet is not immune from this either, but fewer features means less code to have exploitable bugs. And modern exploits will chain together a bunch of seemingly benign bugs to compromise a system, so the number of bugs is almost as important as their severity.

Anyway, thanks for letting me know about OnlyKeys. They didn't turn up when I was searching for alternatives. They're not a good fit for me, but based on the documentation, they seem like a pretty good solution for many people.

Reply to this note

Please Login to reply.

Discussion

Avatar
Bill Cypher 2y ago

What I want to see, but no one seems to be building, is airgapped logins using public key encryption. I think this is the longer term future. My idea works for unlocking a computer or logging into a website.

Everyone already has the hardware since everything has a camera and screen to pass QR code data back and forth. The device simply displays a challenge QR with your account info and some random data for login. Your signer validates the account matches the priv key, then does a signature from your priv key and send the signature back via QR. Service or device validates the signature is you using their access to your pubkey and you are in.

As long as the random data in the challenge is random only a single login per challenge is possible. The biggest risk I see is someone doing a MITM to capture the challenge then shoulder surfing the signature QR and presenting it faster than you.

A signer could even have a unique key for every device and service and automatically sign with the correct one by pulling it from the challenge data.

Another pro I see to this is the service only has a pub key, so services leaking your sign in info through poor password management and or network security is a thing of the past.

Avatar
Bill Cypher 2y ago

Thinking a little more, for a dev the prototype signing device should be an easy software only mod to a seedsigner.

Avatar
Dr. Hax 2y ago

Using a transport layer of QR code & cameras does seem like it'd be next level. Plus the device can show you what it is you are signing before you sign it, since it would have a screen.

As long as there's a solid way to unlock/authenticate to the air gapped device, you should be good to go.

That should be able to support FIDO2, which is basically what you descibed: sign a nonce to login. I'm not sure how browsers interact with FIDO2 devices, but there's presumably some layer that could be used as an nice interface.

Absolute worst case scenario: have a FIDO2 USB device that doesn't have any keys; it just acts as a bridge between the browser/OS (which expect a USB device) and the air gapped secret holder. That also has the advantage of working on computers without a camera. The camera would be on the USB device.

Now you've infected me. I kinda want that too now. Crowdfunded research and development project?

Avatar
Bill Cypher 2y ago

I'm not a dev so I never got past the idea phase. I'd do what I could though.

Avatar
Dr. Hax 2y ago

Well, I am a developer, and I already have a pi zero zero...

The camera and screen are about $40 in total (after shipping).

If I get at least .0014 BTC to bc1pckaq2raj47nhmyzwrsjvfztnf9gmsfq7f0s5z3337jd8yy5ey5rqk2zqvz I vow to order the parts and take a crack at this. I'll post my progress on nostr as I go and all code and instructions will be MIT licensed (same as SeedSigner). Bill gets to name the project. Those are my terms.

Any extra coinage would serve as more motivation for me to make it a priority, put extra polish on it when it's functional, etc.

Avatar
Dr. Hax 2y ago

The code in https://github.com/SeedSigner/seedsigner looks well organized, but there's a fair deal of abstraction that makes it hard to follow until you know the code base. So it'd probably go smoothly after some time investment up front.

Avatar
Nice and Kind Vic 2y ago

I think my favorite airgap login is LNURL-auth.

Avatar
Bill Cypher 2y ago

Lnurl-auth your signer is a lightning wallet, which requires an internet connection. We are talking about something where your signer never has an internet connection in its lifetime.