by ecesena
2863 days ago
To echo Conor's comment, our keys will protect you from online attacks. The one you describe is certainly a threat, but still pretty sophisticated and requires physical contact with the key. To protect from physical attacks you need stronger devices, for example Yubico now has an entire new line of FIPS-certified products. Note that the cost is higher than the FIDO2 USB-A only key. As Conor mentioned in other places, to obtain stronger hardware we'd need to sign NDAs with vendors, and thus we couldn't make our key open source. Personally, I really hope that this first iteration will be a success, so we'll be able to push the industry for even more open hardware, and eventually we'll be able to address threats like the one you reported.

That's not true. First, you won't even be eligible to sign an NDA with a secure chip vendor. Second, this won't limit you from having your application (running on their chip) subject to the NDA.