[Cryptography] Show Crypto: prototype USB HSM

Tony Arcieri bascule at gmail.com
Tue Apr 12 20:39:27 EDT 2016


On Tue, Apr 12, 2016 at 8:28 AM, Ron Garret <ron at flownet.com> wrote:

> Some hardware tokens have an input device built in (usually a push button,
> sometimes a fingerprint sensor) which needs to be activated before the
> token will operate, but these are still subject to phishing attacks


Not to rain on your parade, but if you're talking about authentication
contexts, U2F solves the phishability problem by deriving domain-separated
keys per origin, so it's not possible for an attacker to leverage it for
phishing purposes.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160412/9b6bb552/attachment.html>


More information about the cryptography mailing list