How do you trust a U2F key?

U2F keys can be purchased online for the price of a cup of coffee. They’re being touted as the next best thing in online security authentication.

How do you know that the key that arrives at your doorstep is unique and doesn’t produce predictable or known output?

There’s plenty of opportunities for this to occur with online repositories with source code and build instructions.

Price of manufacturing is so low that anyone can make a key for a couple of dollars. Sending out the same key to everyone seems like a viable attack vector for anyone who wants to spend some effort into getting access to places protected by a U2F key.

Why, or how, do you trust such a key?

The recent XZ experience shows us that the long game is clearly not an issue for some of this activity.

Chat

TurtleTourParty
link
fedilink
English
arrow-up
7·
2 months ago
Maybe coffee is very expensive where OP lives

Privacy@lemmy.ml

privacy@lemmy.ml

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacy@lemmy.ml

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
Don’t promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

218 users / day
3.02K users / week
7.18K users / month
19.7K users / 6 months
142 local subscribers
29.7K subscribers
3.36K Posts
63.8K Comments
Modlog