[Gnuk-users] FST-01 is going to be non-reproducible any more

Yuji -UG- Imai ug at xcast.jp
Sun Jan 10 03:27:16 UTC 2016


Hi, Niibe-san.

NIIBE Yutaka<gniibe at fsij.org>
>
> Well, 2016 would be good timing to consider another hardware
> design.


Just from a user's point of view, I would like to tell my wishes for a new FST.


> In this holiday season, I was considering use of Bluetooth for a
> crypto token, but my conclusion was: it's not a good idea.  I concluded
> that the use of Bluetooth should be limited to some HID feature, only.


With Bluetooth, it is difficult for users to control the restrictions on
the situations in which signing should be permitted. For example, how far
apart the token and terminal are located. It depends on the radio
environment surrounding the nomadic place of their terminals. I used
similar devices to automatically lock my Windows terminals remotely;
however, I have never adjusted the power value of signal strength so that
it turned locked in a way that satisfied me. A physical USB connection is
better to control and to confirm that the behavior is just what I want.

In contrast, my friends and I dislike the USB token style of the current
FST-01. We used the FST-01 for ssh agent. As we must sign so frequently, we
want to keep it inserted in our laptop PCs. We handled our PCs so roughly
that we broke it, snapping the joint points between the board and the
connector. We want to prevent snapping from destroying our secret keys. But
we have no clear idea what to do.

Yuji


> I am considering releasing Gnuk 1.2.0.  And starting development of a
> new branch, removing RSA.  Perhaps, it will be only with Curve25519
> and Ed25519.
>
> I think that Cortex-M0+ (with 1-cycle 32-bit x 32-bit -> 32-bit
> multiplier) running at 48MHz can be a good token for OpenPGP (or SSH).
>
> While on Cortex-M3, 32-bit x 32-bit -> 64-bit multiplication takes
> 3-5 cycles and it is not constant-time (it skips cycles for smaller
> values).  I don't think it is easy to use this fact to build a real
> attack, but a 1-cycle 32-bit x 32-bit -> 32-bit multiplier would sound
> good for constant-time lovers.
>
> I'll port Chopstx to Cortex-M0+.  Then, I'll consider Gnuk25519.
>
> User interface of a token is also important.  I'm considering
> something like HID device; a piezo buzzer for notification and a
> button for acknowledgment/confirmation.