by WaitWaitWha 1373 days ago
@kfreds thank you for the response, and the commitment you have for this project.

>> ... this is basically like a yubikey ...

> ... new kind of USB security key ...

The things you have listed are indeed very nice, but they are not a new kind, as they are available elsewhere.

Can you give a bit more compare and contrast to the original question?

Again, thank you.

2 comments

> The things you have listed are indeed very nice, but they are not a new kind, as they are available elsewhere.

Really? I wasn't aware that there is another USB security key with measured boot-based key derivation. Please provide a link!

> Can you give a bit more compare and contrast to the original question?

Except for Tillitis Key, all USB security keys I'm aware of either boot any software, or only boot software that has been signed with a key pair. Tillitis Key is different in that it measures the application, and uses that measurement to derive a secret specific to the application as well as the stick it's running on.

No, the integrity is within the device. You load the small (64k) apps onto the key and the content of the apps with the unique key for the device can be used by the app to perform cryptography and their integrity can be audited. This is similar to JavaCard with cryptographic integrity of the applets. Read more at: https://github.com/tillitis/tillitis-key1/blob/main/doc/syst...
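
The measured key derivation described in the two replies above, as an added sketch that is not part of the thread and is not Tillitis code: the secret an app receives depends on both the device's unique secret and a digest of the exact app bytes loaded. The keyed BLAKE2s construction, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

APP_MAX = 64 * 1024  # the thread mentions small (64k) apps

def measure(app_binary: bytes) -> bytes:
    """Measurement: digest of the exact bytes loaded onto the device."""
    if len(app_binary) > APP_MAX:
        raise ValueError("app larger than the 64k limit")
    return hashlib.blake2s(app_binary).digest()

def derive_app_secret(device_secret: bytes, app_binary: bytes) -> bytes:
    """Per-app, per-device secret: keyed hash of the measurement.

    Assumption: keyed BLAKE2s stands in for whatever KDF the real device uses.
    """
    return hashlib.blake2s(measure(app_binary), key=device_secret).digest()

def app_tag(device_secret: bytes, app_binary: bytes, message: bytes) -> bytes:
    """What a loaded app could do with its secret: authenticate a message."""
    secret = derive_app_secret(device_secret, app_binary)
    return hmac.new(secret, message, hashlib.sha256).digest()

# Constructed sample values, not real device secrets or real apps.
DEVICE_A = bytes(range(32))
DEVICE_B = bytes(range(32, 64))
APP = b"constructed signer app v1"
PATCHED_APP = APP + b"\x00"  # a single extra byte changes the measurement

if __name__ == "__main__":
    msg = b"hello"
    original = app_tag(DEVICE_A, APP, msg)
    # Same app on the same device reproduces the same secret and tag.
    print("same app, same device :",
          hmac.compare_digest(original, app_tag(DEVICE_A, APP, msg)))
    # A modified app still runs, but it gets a different secret, so it
    # cannot reproduce tags made by the original app.
    print("patched app           :",
          hmac.compare_digest(original, app_tag(DEVICE_A, PATCHED_APP, msg)))
    # The same app on another stick also gets a different secret.
    print("same app, other device:",
          hmac.compare_digest(original, app_tag(DEVICE_B, APP, msg)))
```

Unlike a signature check, nothing here blocks the modified app from loading; it simply ends up with a secret unrelated to the original app's.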