Dr. Wisplinghoff von WisphovenApr 28, 2023
Benno

“You must rotate your credentials every 60 days.”

*takes USB-C YubiKey out of slot*
*turns it upside down*
*plugs it back in*

Apr 26, 2023 at 12:13amWeb
Show threadBai ShenApr 26, 2023
@benno I'm reminded of the fact that USB C is directional so you could have a drive return different data depending on the orientation.
Show threadValentine BrieseApr 26, 2023
@baishen @benno Oh no way, really?
Show threadJames HenstridgeApr 26, 2023

@valentinegb @baishen There's a pair of "configuration channel" pins in the connector that are in symmetric positions so they are switched when you rotate the plug 180°.

USB-C cables leave one of the configuration channel pins disconnected, which allows devices to determine cable orientation and behave accordingly. Normally the device will just use this info to swap some data channels if needed. It could instead use it to provide different behaviour though.

More details on the configuration channel here: https://medium.com/@leung.benson/usb-type-c-s-configuration-channel-31e08047677d

USB Type-C™’s Configuration Channel - Benson Leung - Medium

I’ve been getting questions about why certain kinds of USB adapters or cables work to charge new USB Type-C™ devices, and why other adapters are necessary to charge legacy devices from USB Type-C…

Medium
Show threadNatanael ⚠️Apr 26, 2023
@valentinegb @baishen @benno officially the docs and certification rules says you need to make it bidirectional, but if you don't care about that then it's possible
Show threadvarx/socialApr 26, 2023
@Natanael_L @valentinegb @baishen @benno Even if it weren't, you could still mount an orientation sensor in it. 😈
Show threadripples1253May 21, 2023
@baishen @benno wait really? that’s kinda cool actually, i wonder if some software could detect that and have like a secret partition on a usb 🤔
Show threadjasegJul 3, 2023
@baishen @benno Just saying, by adding a little accelerometer to the USB drive you could even make it return four different sets of data depending on which of (a) the drive and (b) the laptop is upside down at a particular time.
Show threadDamien (TIG BUSINESS)Apr 26, 2023
@benno tried with USB-A key, now neither key nor port work, please advise
Show threadSam Thurston Apr 26, 2023
@aeduna @benno should have rotated it 360 degrees
Show threadChrisApr 26, 2023
@aeduna @benno I actually own a travel charger for my Apple Watch that can be plugged in in either way. And yes, it’s USB A
Show threadAlex RJul 3, 2023
@aeduna @benno for USB-A, simply rotate a full 360° half as often
Show threadJoel SuttonApr 26, 2023
@benno 😂
Show threadReid D. M.Apr 26, 2023
@benno @petrillic I wish I could respond with this to our password rotation policy
Show threadReid D. M.Apr 26, 2023
@benno @petrillic fuck u (rotates credentials)
Show threadStephenApr 26, 2023
@benno "Ticket closed: no response from user in 7 days."
Show threadEllieApr 26, 2023
@benno I think they mean to change usernames.
Show threadCrumbs the CatApr 26, 2023
@ellie the most secure credentials are the ones no one can guess, including the user.
Show threadEllieApr 26, 2023
@crumbs Welcome back, Ms ed909676-c7e3-4c98-86db-a5cf5335e825.
Show threadAndres JalintonApr 26, 2023
@ellie @crumbs
-----BEGIN PGP MESSAGE-----
hQEMA5r0IChW+Rb6AQf+PIo7V+UBn5AFoF+zLHOU1u5j1IvhtXnudnV/MZlJSGHy
z/bAkr8F0+0N/2NQf7BlGv9/zIdhCK/6+D1/5sUJwz8s4OyuzmDss+de40J6Bb8Q
GZTYTjltq3p4w6U4B6R13y6P
A7LhX9LyWp7+Z1H1FV/5+5z5LLi7hUEOKvg/p91Vhx74StXN0dL7peBJH76CQz7w
8O2QlJ36Oqaz3xVPrZZmX24EjRZmNW80iLhjKt7vgu5Pn/BV7lOXG1bcvK1DdHht
oNC7gQIeKoE7QrojKhhgMM1q3zOPrBRBpCjXGJfuxdLrAe4psU4O6U4y6OJjAxU0
S/cwoQW8YutJSU/+q3Kjwuo1Ee0N/BJHEjKQxg==
=+NzW
-----END PGP MESSAGE-----
Show thread0x10f/kalle/qalleApr 26, 2023
@benno "Please rotate your password by 180 degrees every 60 days. The password may only include the following characters: 0, 6, 8, 9, H, I, N, O, S, X, Z, b, d, l, n, o, p, q, s, u, x, z."
Show threadKent BrewsterApr 26, 2023
@benno sounds like a job for rot13….
Show threadMatzeApr 26, 2023
@benno But what if you’re not allowed to use one of the last 10 used credentials? 🫠
Show threadSleepyBoi2852Apr 26, 2023
@benno That took me a sec lmfao
Show threadSteve WilliamsApr 26, 2023
@benno @mwl Snatch the pebble, security Ninja 🙏🏻
Show threadJohan 🌀Apr 26, 2023
@benno I got one just this week! Can't wait to start rotating it.
Show threadAlisonW ♿🏳️‍🌈♾️Apr 26, 2023
@benno
So useful having USB A at one end and C at the other!
Show threadQuiVidetApr 26, 2023
@benno that's a good one, thanks for sharing ! 😂
Show threadAnalog AIApr 26, 2023
@benno Definitely works better (from experience!) if you rotate it 2 pi radians instead of just pi. There are days I just can't get it to work until I fix that!
Show threadcalcifer 🧯Apr 26, 2023
@benno @socketwench they say rotate, but they don't specify a reference point. My credentials rotate daily around the gravitational center of the earth 
Show threadslidemanApr 26, 2023
@benno
Does this mean “change your pswd”?
Show threadApr 26, 2023
@benno I did it with a USB-A and broke my computer. Thanks a lot.
Show threadKevin Karhan Apr 27, 2023

@benno I use @nitrokey ...

Also changing passwords is actually weakening security.

Show threadjwelzelApr 30, 2023
@benno please don‘t try this with an USB-A YubiKey.
Show thread[Yaseenist] CauseOfBSOD  May 8, 2023
@benno wear levelling
Show threadFuzzy BumbleBeansJul 3, 2023
@benno turn over to side be and insert to F%$&ing box XD different time, same means of storage X3
Show threadSimon RichterJul 5, 2023
@benno @luna tbh I'd love to have a hardware token that adds the time it has been continually unlocked into the signature.