神刀安全网

A secure, open source U2F token you can make with $4.5 worth of parts

U2F Zero

U2F Zero is an open source U2F token for 2 factor authentication. It is implemented securely. It works with Google accounts, Github, Duo, OpenSSH, and anything else supporting U2F.

A secure, open source U2F token you can make with $4.5 worth of parts

You can easilybuild your own. You just need to order the8 SMT parts, $4.6 PCBs , and programmer . It ends up being $35 for programmer and $4.5/board. The token is durable enough to survive on a key chain for years, even after going through the wash.

Check outthe wiki for more on how tobuild your own.

A secure, open source U2F token you can make with $4.5 worth of parts

Security Overview

The security level is about the same as a modern car key. Any secret information cannot be read or duplicated. A true random number generator is used to create unpredictable keys.

However, side channel leakage is an unsolved problem in industry and academia. So for well equipped adversaries that can make targetted attacks and get physical access, secret information leakage is possible. Any other hardware token that claims it’s "impenetrable" or otherwise totally secure is still vulnerable to physical side channels and it’s important to acknowledge. However, most people don’t worry about targeted attacks from well equipped adversaries.

For more information about U2F Zero’s secure implementation and the problem of side channels, check outthe wiki.

License

Everything is open source and licensed under the Simplified BSD License .

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » A secure, open source U2F token you can make with $4.5 worth of parts

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址