Why do security keys store secrets unencrypted or poorly encrypted?
3 by filipzyzniewski | 0 comments on Hacker News.
I have started designing infrastructure for my projects and I think having a proof of identity is a good starting point. I have looked at devices like https://ift.tt/2NYvfN9, https://onlykey.io/, https://ift.tt/2IHLL25 and https://asicvault.io/ and was surprised by the general approach to keeping secrets secret. Why do these devices focus (to a varying degree) on physically protecting secret data from retrieval from permanent storage rather than having the user enter a strong passphrase and storing the secret data encrypted with a key that is itself encrypted with this passphrase?

The device could be equipped with power capacitors and could run a RAM-wiping procedure on each disconnect from the host device (and also after a configurable time, e.g. from 0 to x hours, since last use). Would this not make reliance on strong physical protections less necessary? The passphrase should of course be supplied without involvement from the host, via either a built-in keyboard or (less securely) by the device acting as a USB host for a normal consumer keyboard (so the device would have two USB ports: one implementing a USB device and another a USB host).

Sure, it's less convenient than just tapping a Yubikey, but OTOH public key authentication could be used instead of 2FA for web services (the user would type the passphrase on their security key rather than in a service's login UI).