Just in time for #39C3 I have extended my #Hardwaretoken #Howto with #OpenSSH #Authentifizierung (authentication).

I show how to log in to #SSH servers using #FIDO2 device-bound #Passkeys à la #Yubikey, #Nitrokey, #Token2, #Thetis etc.

That way the private key lives inside the passkey token and cannot simply be read out.

I also show how to configure a second, external OpenSSH server that accepts only the hardware tokens.

Have fun with the device

https://www.cryptomancer.de/posts/20251225-opensshfido2/

OpenSSH authentication using hardware tokens (FIDO2 device-bound passkeys à la Yubikey, Nitrokey, Token2, Thetis etc.)

Prerequisites

Since version 8.2.0, OpenSSH supports FIDO2-based keys, i.e. passkeys. Such a key can conveniently live on a hardware token as a so-called device-bound passkey (hereafter simply "passkey"). The private key then cannot be exported from the token and is thus protected against theft. The hardware token effectively acts as a hardware security module guarding the private key. Any FIDO2-compliant token can be used, e.g. a Yubikey 5 or Security Key, a Token2 R3 or a Thetis Security Key.

CryptoMancer.de
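As an added example (not code from the cryptomancer.de howto), a POSIX shell helper for the token-only second sshd described above: it emits the config fragment that limits accepted public-key algorithms to the FIDO2 "sk" types and audits an authorized_keys file for any non-sk key that would be useless, or a sign of misconfiguration, on such a server. It assumes OpenSSH 8.5+ option names; the port number and all key material are constructed.

```shell
# Added example, not code from the cryptomancer.de howto. Assumes OpenSSH 8.5+
# option names; port and key material below are constructed.

# The two FIDO2 ("sk") key algorithms OpenSSH supports since 8.2.
SK_ALGS="sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com"

# sshd_config fragment for a second, token-only sshd (constructed port 2222).
# With PubkeyAcceptedAlgorithms limited to sk types, an ordinary ssh-ed25519
# or ssh-rsa key cannot log in even if it is listed in authorized_keys.
sshd_fido2_config() {
	cat <<EOF
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAcceptedAlgorithms $SK_ALGS
EOF
}

# Read authorized_keys on stdin, report each non-sk key on stderr and print
# the number of offending keys on stdout (0 when clean). Leading options such
# as "verify-required" are skipped when locating the key type.
count_non_sk_keys() {
	awk '
	/^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
	{
		for (i = 1; i <= NF; i++) {
			if ($i ~ /^(sk-)?(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp(256|384|521))(@openssh\.com)?$/) {
				if ($i !~ /^sk-/) { bad++; print "line " NR ": non-sk key " $i > "/dev/stderr" }
				break
			}
		}
	}
	END { print bad + 0 }'
}

# Constructed sample: a PIN-protected sk key, a plain laptop key, an sk-ecdsa
# key. The base64 blobs are fake and truncated.
sample_authorized_keys() {
	cat <<'EOF'
verify-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tFAKE user@yubikey
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKEFAKE user@laptop
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20FAKE user@nitrokey
EOF
}

sample_authorized_keys | count_non_sk_keys   # prints 1 (the laptop key)
```

The `verify-required` option on the first sample line is the real sshd authorized_keys option that additionally demands user verification (PIN) on the token for that key.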

And onward on my little journey through the wonderful world of #HardwareToken...

Today's logins to #openvpn and the MS thingy are done with the second #TOTP factor from the #yubikey. So I now have 3 alternative ways of obtaining this factor:
- #AndOTP
- #keepassxc
- yubikey

$ ykman oath accounts code pfsense
pfsense  416654

#security #Hardware #Token

This is unfortunate because I received a pair of these recently that I've been meaning to take out of the package. I guess they won't be issuing recalls?

https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

#securitykey #sidechannel #yubikey #yubikeys #hardwaretokens #hardwaretoken #cryptography #credentials #fido

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

Sophisticated attack breaks security assurances of the most popular FIDO key.

Ars Technica
A RISC-V Security Key

The TKey is a RISC-V-based security key that plugs into a USB port. The device has a number of features, including a device-specific serial number, RAM scrambling, and a monitor that kills the CPU …

Hackaday
How are hardware keys phishing resistant to man-in-the-middle attacks?

I've heard that hardware keys like Yubikey are phishing resistant. But I do not understand where a phished man-in-the-middle attack, which tries to "forward" the whole communication, fails...

Information Security Stack Exchange

I want to beef up my 2FA standards and I'm looking for a 2FA hardware token. The only ones I've ever used have been for work (RSA Tokens), but what else is out there? Better yet, what should I be looking for in a hardware token?

#2FA
#hardwaretoken
#passwordsecurity

@alx does anyone know if this works when your SSH key is stored on a #hardwaretoken like #Yubikey? This sounds like a good use case for short-lived SSH certificates as well

TurtleAuth DIY Security Token Gets (Re)designed For Durable, Everyday Use

[Samuel]’s first foray into making DIY hardware authentication tokens was a great success, but he soon realized that a device intended for everyday carry and use has a few different problems …

Hackaday

TurtleAuth DIY Security Token Gets (Re)designed for Durable, Everyday Use

[Samuel]'s first foray into making DIY hardware authentication tokens was a great success, but he soon realized that a device intended for everyday carry and use has a few different problems to solve, compared to a PCB that lives and works on a workbench. This led to TurtleAuth 2.1, redesigned for everyday use and lucky for us all, he goes into detail on all the challenges and solutions he faced.

When we covered the original TurtleAuth DIY security token, everything worked fantastically. However, the PCB layout had a few issues that became apparent after a year or so of daily use. Rather than 3D print an enclosure and call it done, [Samuel] decided to try a different idea and craft an enclosure from the PCB layers themselves.

The three-layered PCB sandwich keeps components sealed away and protected, while also providing a nice big touch-sensitive pad on the top, flanked by status LEDs. Space was a real constraint, and required a PCB redesign as well as moving to 0402 sized components, but in the end he made it work. As for being able to see the LEDs while not having any component exposed? No problem there; [Samuel] simply filled in the holes over the status LEDs with some hot glue, creating a cheap, effective, and highly durable diffuser that also sealed away the internals.

Making enclosures from PCB material can really hit the spot, and there's no need to re-invent the wheel when it comes to doing so. Our own [Voja Antonic] laid out everything one needs to know about how to build functional and beautiful enclosures in this way.

#microcontrollers #securityhacks #durable #gpg #hardwaretoken #pcb #security #u2f


Secure Shell (ssh): possibilities and pitfalls

The popular way of accessing remote hosts also has enormous pitfalls https://blog.schuerz.at/~/SicherheitImNetz/secure-shell-ssh-möglichkeiten-und-gefahren/
