[Cryptography] Keeping Malware from Using Security Hardware

Jon Callas jon at callas.org
Wed Mar 5 19:56:08 EST 2025 

A few comments on your broad discussion.

I think that the generalized FIDO authentication key might be a good-enough implementation. We see now two major implementations of it. A hardware form factor like Yubikeys and others, and software implementations like passkeys. The major issues with them are breadth of support and user experience. Each of those is in progress, it's certainly still a mess, but I think it's a good thing overall; so much so that I think it's reasonable to think of them not as a second factor, but the only factor.

You describe perhaps the major unsolved problem -- a con job. Or hacking the person, not the technology. I think the general case is unsolvable. Consider a case where Alice tells Bob, "don't buy those supplements, they're a scam," they are indeed a scam (let's suppose they're just sugar pills), but Bob wants to buy them anyway knowing they're what Alice, you, and me all agree is a scam. One could argue that meme stocks and other things fall into this category. 

There are a number ways that the real problem you discussed there can be mitigated, and there are lots of round-trip authentication factors that use this basic technique. Texts or emails with a one-time code, "magic links" to log in, and other things force a round-trip with the registered owner of the account. I think we can summarize them by saying they're hardly foolproof, and yet incredibly useful. 

The comments you made on the DPRK heist are spot on, and I only add one thing. It's a feature of cryptocurrency that a transfer is irrevocable. Some people think it's desirable, some think it's undesirable, some think it's just the way things are, and a core facet of that heist is that it happened on a financial network with irrevocable transactions because that was a necessary component of the heist. These systems have as part of what they are that they are irrevocable, and this leads to that sort of problem more than anything else. Revocable systems (like credit cards) have a different set of features with people having opinions about whether they're good, bad, or indifferent.

	Jon

More information about the cryptography mailing list