On 2024-03-31 10:47:57, Luca Boccassi wrote:
> On Sun, 31 Mar 2024 at 08:39, Bastian Blank <wa...@debian.org> wrote:
> >
> > On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote:
> > > On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote:
> > > > As others have said, the best solution is to rely on HSM for handling
> > > > the cryptographic material.
> > > Aren't these answers to different questions?
> > > Not all attacks are about stealing the key or using it to sign unintended
> > > things.
> >
> > Also, an HSM only allows controlling access to the cryptographic
> > material. It asserts no control over what is actually signed.
> >
> > So an attacker needs to wait until you tell the HSM it is okay to sign
> > something.
> >
> > Bastian
>
> This is true, as in the default configuration you get asked for the
> yubikey pin only once per "session", and then it's cached
> transparently and there's no GUI feedback when the token is used (the
> light on it blinks, but noticing that requires having it in line of
> sight at all times). However, it's already better than nothing, as it
> means such an attack must be "online" and run in the same "session"
> as the active user, so perfect should definitely not be the enemy of
> good here IMHO. Also, iirc this can be configured to always ask for
> the pin on each signature, although this could get burdensome. But
> given the very low price of yubikeys (or similar tokens), and how well
> and seamlessly they work these days, I think the offer of buying any DD
> that doesn't have one such token is one that we should take up and
> make it happen.
Jumping in late in the HSM thread, but I'm not sure I understand the exact setup people propose.

Option 1: Moving keys to one yubikey, while keeping the original key material "safe" offline. How do you know the "safe offline" material is safe and hasn't been copied?

Option 2: Generate keys on the yubikey and have them never leave the secure enclave. That means having 2 yubikeys per developer, and ensuring you keep track of _two_ keys, but it does ensure there's a physical binding to the key.

Are there other options? And which option is proposed?

I have quite a few yubikeys, but I haven't migrated to use them since it's not clear to me what is a good, and recommended, workflow. I'm relatively against option 1, since the "safe offline" key material somehow doesn't appeal to me.

regards,
iustin
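The two card settings behind Luca's point above (PIN cached per session, no feedback when the token signs) can be audited from `gpg --card-status` output. The script below is an added example, not code from the thread or from any of the posters; it assumes the field layout shown in the constructed sample, the `forcesig` toggle in `gpg --card-edit` admin mode, and ykman 5 syntax for the YubiKey touch policy.

```shell
#!/bin/sh
# Added example, not from the thread: audit the two OpenPGP card settings
# that decide whether a cached PIN lets the token sign without any prompt.
# Input is text in the layout printed by `gpg --card-status`, read on stdin.

# Constructed sample of `gpg --card-status` output for a YubiKey in the
# default state the thread describes: PIN cached per session, no touch needed.
SAMPLE_STATUS='Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 00000000
Signature PIN ....: not forced
PIN retry counter : 3 0 3
Signature counter : 42
UIF setting ......: Sign=off Decrypt=off Auth=off'

# Print the value after the colon of the first line whose label starts with $1.
card_field() {
  grep "^$1" | sed 's/^[^:]*: *//' | head -n 1
}

# Return 0 only when each signature needs a fresh PIN entry
# ("Signature PIN ....: forced") and a touch on the key ("Sign=on" in the
# UIF line); print one finding per weak setting otherwise.
card_policy_check() {
  status="$(cat)"
  weak=0
  pin="$(printf '%s\n' "$status" | card_field 'Signature PIN')"
  uif="$(printf '%s\n' "$status" | card_field 'UIF setting')"
  if [ "$pin" != "forced" ]; then
    echo "WEAK: PIN is cached between signatures (toggle 'forcesig' in 'gpg --card-edit' admin mode)"
    weak=1
  fi
  case "$uif" in
    *Sign=off*|'')
      echo "WEAK: no touch required to sign (ykman 5: 'ykman openpgp keys set-touch SIG ON')"
      weak=1 ;;
  esac
  return "$weak"
}

# Print the card's monotonic signature counter. Record it after each signing
# session; a jump you cannot account for is the feedback the blinking light
# does not give you.
signature_count() {
  card_field 'Signature counter'
}

printf '%s\n' "$SAMPLE_STATUS" | card_policy_check || echo "card needs hardening"
echo "signatures so far: $(printf '%s\n' "$SAMPLE_STATUS" | signature_count)"
```

On a real machine, replace the sample with `gpg --card-status | card_policy_check` and keep the counter in a file next to your signing log.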