Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Purism Announces the "Librem Key"

posted by Fnord666 on Tuesday September 25 2018, @09:15PM   Printer-friendly
from the another-thing-for-your-key-ring dept.

An Anonymous Coward writes:

The Librem Key is an OpenPGP smart card supporting up to 4096-bit RSA keys and 512-bit ECC keys. These keys are intended to be used as basic security token functions -- they will work with any laptop/PC but reportedly offer extra features when paired with Librem laptops or devices supporting the Heads security firmware.

https://www.phoronix.com/scan.php?page=news_item&px=Purism-Librem-Key

In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:

  • Insert the Librem Key at boot and automatically decrypt your hard drive
  • Automatically lock your laptop whenever you remove the Librem Key
  • Use your Librem Key to log in

https://puri.sm/posts/introducing-the-librem-key/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Purism Announces the "Librem Key" | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by stormwyrm on Tuesday September 25 2018, @10:53PM (5 children)

    by stormwyrm (717) on Tuesday September 25 2018, @10:53PM (#739914) Journal

    FTA:

    In addition to multi-factor authentication, security tokens can also often store your private GPG keys in a tamper-proof way so you can protect them from attackers who may compromise your laptop. With your private keys on the security token, you can just insert the key when you need to encrypt, decrypt, sign, or authenticate and then type in your PIN to unlock the key. Since your private keys stay on the security token, even if an attacker compromises your computer, they can’t copy your keys (and even if you leave the key plugged in, they need to know your PIN to use it).

    There is still some kind of PIN, so you can still plead the Fifth even with something like this.

    --
    Numquam ponenda est pluralitas sine necessitate.
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by c0lo on Tuesday September 25 2018, @11:41PM (3 children)

    by c0lo (156) Subscriber Badge on Tuesday September 25 2018, @11:41PM (#739939) Journal

    Thanks for the info - obviously, I didn't RTFA
    How much entropy in that PIN? Any brute-force countermeasures?
    (Obviously, I don't intend to RTFA :) )

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

    • (Score: 1, Interesting) by Anonymous Coward on Tuesday September 25 2018, @11:50PM

      by Anonymous Coward on Tuesday September 25 2018, @11:50PM (#739943)

      Typically, the idea of these devices is that the secrets are known only to the device, they include some modicum of physical tamper protection, and self-destruct on any failure. Usually that includes failing to correctly the PIN more than a certain number of times consecutively.

      This is essentially the same idea as chip & pin credit cards.

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday September 26 2018, @12:35AM (1 child)

      by Anonymous Coward on Wednesday September 26 2018, @12:35AM (#739960)
      It could just be a simple four-digit PIN. But if you enter the wrong PIN more than a few times, the Librem Key self-destructs all the secrets it holds. So who cares if it's only 13.3 or so bits of entropy, you still can't brute force the PIN unless there's a critical security flaw in the Key itself.

  • (Score: 2) by DannyB on Wednesday September 26 2018, @01:56PM

    by DannyB (5839) Subscriber Badge on Wednesday September 26 2018, @01:56PM (#740176) Journal

    If I'm going to use two of the three factors, my preference would be:
    1. something I have (the USB key)
    2. something I am (my retina scan)

    That is much more convenient.

    . . . both for me and for border security / TSA. All they need is my USB key and my eyeball.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.