Passive USB fingerprint self-destruct #153
Comments
Some considerations for this feature request:
We typically implement features that have the widest range of use and interest from a large number of users. I will leave this open; feel free to add to this if there is interest.
Given that the device is now 'tamper-evident', that would be a discussion between the hypothetical parent and child.
Other devices on the bus, the MACs etc. - it's not important that it can't be spoofed via some highly pre-orchestrated plan, only that if there's a significant probability that the device it's plugged into doesn't match the device which it was bound with - then it should factory reset.
Understood.
However, having an 'ohshit' pin that I could solder to something interesting would be... especially if it can be activated via firmware
Rather than having a 'self-destruct' pin, I want the OnlyKey device to self-destruct if it's plugged into any device other than the one it has been bound to.
This can be achieved through some kind of fingerprinting. Additionally, per-device HOTP could be derived using this fingerprint, meaning the same drive (e.g. USB-C attached NVMe and same OnlyKey dongle) on another computer will not only fail to unlock but will trigger a kill-switch.
In combination with TPM, OPAL and UEFI SecureBoot this will address many edge cases where OnlyKey is currently vulnerable to physical attacks.
If this device could be combined with the USBkill device, so if not plugged into the bound device it jizzes the capacitors into the host, that would be double plus many cool.
I assume the OnlyKey model with large capacitor ticks hanging off it would be more expensive, unless it was able to be concealed in a 'battery pack' enclosure which would pass thru customs...