
Yubikey Security

Speakers: Greg Maxwell

Date: November 5, 2020

Transcript By: Michael Folkson

Tags: Security

Media: https://www.reddit.com/r/Bitcoin/comments/jp2fp3/opinion_regarding_security/gbhojor?utm_source=share&utm_medium=web2x&context=3

By this logic, a yubikey would also be a great targeting vector.

They would be, and if US intelligence services have not compromised yubis or at least have a perfect targeted substitution solution for them then they should all be fired for gross incompetence and mismanagement of their funding.

Likewise, if parties which have things of significant value to secure who might be targeted by state level attackers are securing those things with just yubis instead of using yubis as a second factor in an otherwise secure setup then those parties ought to be fired too.

There are places where yubis are used as single-factor security but that’s rare, compared to bitcoin hardware wallets where single factor use is essentially universal.

You can’t possibly claim an operating system with a monolithic kernel and thousands of packages is more auditable compared to

I can and I do. You have to also factor in the number of reviewers, ease of review, and targetedness of the attack.

So for example: Standard hardware wallets leak secret material via timing sidechannels pretty much universally (there are a couple that probably don’t, but most do), even though it is not hard to avoid this. Why? Because there is essentially no effective review. The software running on these devices ends up being created by one or two person teams, and copied and pasted all over the place.

A device with a secure chip and which runs nothing else but an open source firmware that I can actually handle at auditing myself, in addition to confirming what it runs exactly via a reproducible build.

“Secure chip” also means you cannot confirm what the device is actually running. You can build all you want, and compare that this matches the firmware signed by the maker, but you have no idea if that is what is actually running on the device, only that the device claims that it’s running that.

Moreover, under your theory that all Linux kernels are vulnerable to network attacks even on locked down machines, the HW wallets still end up compromised: because the vulnerable hosts can be used to compromise the HW firmware, or cause the user to purchase a compromised/backdoored device.