Dr. Hax on Nostr: As many of you know, I've been hot to trot with crypto since the late 90s when I ...
As many of you know, I've been hot to trot with crypto since the late 90s when I found out about PGP. I've audited a bunch of cryptosystems and found some amazing bugs that I was able to exploit in practice, not just in theory.
Now I have a new project. Defensive this time.
It's an open source, encrypted hardware password manager called Signet. To explain why I think this is an important tool to add to your arsenal, let me share the story of how I got here.
I'd love to have crytographically secure logins everywhere. That's what FIDO2 (aka webauthn, aka passkeys) are, but there are some major problems with that.
1. Poor adoption
2. When it is adopted, often only as 2FA despite being stronger than passwords
3. Even where it is really the passwordless future that we've been promised, you still need a password in case you lose your device
It could be different. It cold be better. But in practice, this is what we have and will continue to have for the foreseeable future.
Password managers are the next best thing. Passwords can have as much entropy as cryptographic keys (when allowed to be that long and complex). You only have to remember a few passwords, possibly as few as one, depending on your threat model. Some password managers can also store secrets for TOTP generators.
However these have a few shortcomings as well:
1. You can't tell when passwords being accessed
2. It's possible for a non-root attacker on your machine to dump all password databases that have been unlocked since they gained access. This is true for all software password managers I've seen and nobody is claiming to defend against this.
3. Some of them (e.g. Lastpass) don't work when your you're offline.
4. Passwords are stored on a machine that is always online
That's why I am building Signet devices. They require a device password and physical button press to unlock, and then another button press for each password/secret.
So even an attacker who rooted your machine before you unlocked the device can not dump your entire database! You can also easily disconnect the device containing all your secrets when it's not in use. You can tell when an attempt is made to access your data because the light on the device will flash. Finally, it won't be accessed without your knowledge or consent, as you are not going to press the button to help out an attacker.
Overall, it is more secure than pure software password managers, while still remaining easy to use.
If you are thinking, wait hasn't that been done before? Yes. It has. It was called Signet and is the same project. But then the original authors mysterously disappeared. So I revived the Signet project, because I see no need to reinvent the wheel.
I have updated the hardware design, updated the software and now am maintaining all of it. I am also building the hardware.
The beauty of open source hardware & software is that you don't need to trust me to use the device. You can visually inspect the board to confirm the switch physically puts the CPU is put into bootloader mode. The firmware has reproducable builds, so you can verify the binary matches the code. Flash away and put your mind at ease.
If you want to learn more about these devices, check out https://hax0rbana.org/signet to watch a 2 minute intro video and links to places where you can buy them.
Now I have a new project. Defensive this time.
It's an open source, encrypted hardware password manager called Signet. To explain why I think this is an important tool to add to your arsenal, let me share the story of how I got here.
I'd love to have crytographically secure logins everywhere. That's what FIDO2 (aka webauthn, aka passkeys) are, but there are some major problems with that.
1. Poor adoption
2. When it is adopted, often only as 2FA despite being stronger than passwords
3. Even where it is really the passwordless future that we've been promised, you still need a password in case you lose your device
It could be different. It cold be better. But in practice, this is what we have and will continue to have for the foreseeable future.
Password managers are the next best thing. Passwords can have as much entropy as cryptographic keys (when allowed to be that long and complex). You only have to remember a few passwords, possibly as few as one, depending on your threat model. Some password managers can also store secrets for TOTP generators.
However these have a few shortcomings as well:
1. You can't tell when passwords being accessed
2. It's possible for a non-root attacker on your machine to dump all password databases that have been unlocked since they gained access. This is true for all software password managers I've seen and nobody is claiming to defend against this.
3. Some of them (e.g. Lastpass) don't work when your you're offline.
4. Passwords are stored on a machine that is always online
That's why I am building Signet devices. They require a device password and physical button press to unlock, and then another button press for each password/secret.
So even an attacker who rooted your machine before you unlocked the device can not dump your entire database! You can also easily disconnect the device containing all your secrets when it's not in use. You can tell when an attempt is made to access your data because the light on the device will flash. Finally, it won't be accessed without your knowledge or consent, as you are not going to press the button to help out an attacker.
Overall, it is more secure than pure software password managers, while still remaining easy to use.
If you are thinking, wait hasn't that been done before? Yes. It has. It was called Signet and is the same project. But then the original authors mysterously disappeared. So I revived the Signet project, because I see no need to reinvent the wheel.
I have updated the hardware design, updated the software and now am maintaining all of it. I am also building the hardware.
The beauty of open source hardware & software is that you don't need to trust me to use the device. You can visually inspect the board to confirm the switch physically puts the CPU is put into bootloader mode. The firmware has reproducable builds, so you can verify the binary matches the code. Flash away and put your mind at ease.
If you want to learn more about these devices, check out https://hax0rbana.org/signet to watch a 2 minute intro video and links to places where you can buy them.