Hacker News new | ask | show | jobs
by FredFS456 1373 days ago
My understanding is that it's both a more general platform (targeting more than 2FA) and also uses an FPGA running open-source code, so that the "secure enclave" functionality can be inspected and found to be secure, rather than just trusting NXP/ARM's chip as SoloKeys have done.
3 comments
ecesena 1372 days ago
Correct. I think the difference is just NFC.

If you want to power your key via NFC (tap to phone to authenticate), you need a micro which consumes very little, powers up quickly and can do a signature before the FIDO protocol times out. I'm not sure this is currently possible with a FPGA, but maybe it is.

link
ptman 1373 days ago
FTR SoloKeys targets FIDO2, not just U2F
link
JoachimS 1373 days ago
The TillitisKey should be able to be used for FIDO2, as a TOTP generator etc. Right now there is a SSH agent application, which allows you to sign in by touching the device.

Personally I'm very excited to see what applications will be developed at the hackathon at the OSFC conference, and onwards. We have had people at the conference showing interest in trying to write applications in Rust. I will try and implement an application of my own tomorrow.

link
RL_Quine 1372 days ago
SSH supports FIDO2 so I'm not really sure the purpose of having an agent.
link
Matl 1373 days ago
I think what they mean is that this can be reprogrammed for more use cases than FIDO2 and U2F, it can say be programmed to support my own homegrown thing that I've made up just now or even a more general concept than just getting into things perhaps.
link
JoachimS 1372 days ago
Yes. And your application will get a per device unique primary secret when loaded, which the application then can use for whatever it needs. (Including not using it all all.)

TOTP, FIDO2, PIV, simple touch triggered challenge/response... or something completely different. If it can fit in around 100 kByte RAM when compiled for RV32IMC and not be too computationally expensive, it could be a Tillitis app.

Just to give you some indication, the Ed25519 signer operation in the SSH authentication we showed on stage today takes ~ one second to perform the signing. And we have several ways to improve that we know already.

link
kfreds 1372 days ago
Good explanation. Thank you.
link