|
|
|
|
|
|
by T3OU-736
74 days ago
|
|
|
There's a [DEFCon 33 talk](https://youtu.be/xdl08cPDgtE?si=SwZ-87jzDbNeP1Mx) on this, too. I... Am not sure how I feel about it. On tech merits, this absolutely makes sense - the tech is slinging private keys around, and their secure storage is a hard problem. On the practical merits - maybe? Token-backed decryption of the password manager's database seems like a devent solution? But does this happen? Is there a password manager which uses the public key derived from FIDO2 token's on-chip private key to decrypt the database? On-token storage is limited (though 100 passkeys on a YK 5 Nano is fairly generous) - but what if we just used the YK as the "Private key is here and ONLY here" setup? I kinda like the OFFOAD+ design - it promises to show me to where I am authenticating. With origin binding should be a nobrainer, but still, it
speaks to me. |
|
|