[machinationu]

while you are right, security is generally not cheap.

you can get that $5 china fido key, but are you sure it's you who owns it?

I was recently looking for a security key, and eventually I did pay the yubico tax, because saving $20 by getting another one seemed unwise given the stakes.

[gruez]

>you can get that $5 china fido key, but are you sure it's you who owns it?

Seems like a moot point because it'd be very difficult for a rogue fido key to exfiltrate data. I'd be far more concerned about random chinese IOT gadgets, which most people don't have a problem with.

[wkat4242]

Hmm yes but it's possible to compromise private key generation to only create a very small predictable subset of keys. In fact some smartcards from Infineon suffered from this as a bug. And thus they can be brute forces. It requires some serious crypto chops to determine if this is the case. Obviously it's not like the first 60 bits being zero or something. And the private key is made to not be extracted in this kind of device making it even harder.

[petee]

One issue i see is that it's a sealed package; it wouldn't be immediately apparent if someone added extra hardware/functionality.

More likely though I'd expect you'd just get some form of a clone device

[the8472]

Couldn't they ship pre-compromised? Storing the RNG seed and private key at the factory.

[ComputerGuru]

Devil’s advocate: How do they map that data to a user when you are buying through a maze of resellers?

[machinationu]

they dont, they try against all the keys, there are at most a few billion of them

see Dual_EC_DRBG

[wkat4242]

It won't be as easy as that because you can generate a private key multiple times and notice it's the same.

However yes a very limited entropy in the private key is much harder to detect especially because on this kind of device you can't see the private key directly.