HackerTrans
TopNewTrendsCommentsPastAskShowJobs

conorpp

no profile record

Submissions

Helping secure Binance Chain through responsible disclosure

jumpcrypto.com
1 points·by conorpp·3 tahun yang lalu·0 comments

Trussed – a new Rust framework for security chips that could replace JavaCard

trussed.dev
27 points·by conorpp·5 tahun yang lalu·2 comments

FIDO2 security key company releases hardware that's open source and uses Rust

solokeys.com
396 points·by conorpp·5 tahun yang lalu·157 comments

comments

conorpp
·5 tahun yang lalu·discuss
Good points as to why we should move away from proof of work blockchains.
conorpp
·5 tahun yang lalu·discuss
You could also say that the BTC/USD rate is proportional to the amount of interest...
conorpp
·5 tahun yang lalu·discuss
Some problems I am excited about cryptocurrency fixing:

- Sending money across borders.

- Decentralized exchanges that actually charge fair fees, unlike the centralized exchanges of today.

- Allowing more people to purchase goods online that previously had to no way to.

- Providing stable rates of return for your crypto based savings account (e.g. via staking).

- Lowering interest rates on loans by cutting out the middlemen.
conorpp
·5 tahun yang lalu·discuss
Reminds me of an ongoing & heated debate about T. rex -- Did the T. rex have lips?
conorpp
·5 tahun yang lalu·discuss
You are right, I lied a bit to oversimplify :)
conorpp
·5 tahun yang lalu·discuss
Just wanted to add since I didn't see this covered in other comments yet --

TOTP and any sort of one time code authentication are just as phishable as passwords. Perhaps the biggest benefit for most people using U2F or FIDO2, is the large resistance to phishing.

This is because of how the whole ecosystem has adopted FIDO2. When a FIDO2 key signs an assertion for a website, it includes the domain in the signature base, e.g. "example.com". The browser enforces that the request to the FIDO2 key always uses the correct name of the domain you're on.

If you accidentally go to a fake website, "exaample.com", then the key will make a signature for "exaample.com", which is invalid for "example.com". Nothing can be phished to get around that, unlike OTP codes.

Even if you have other 2FA options linked to your account, as long as you're using your FIDO2 key, you gain this benefit. Very strong benefit for both individuals and enterprises.
conorpp
·5 tahun yang lalu·discuss
The epoxy can't be physically removed without great risk of ripping off the electronics on the underlying circuit.

The epoxy can be chemically dissolved, but would deteriorate the outside of the device as well. It the epoxy isn't completely cleaned out, then refilling it with new epoxy would look messy. With great care and skill, it could be done with little damage, but would be time consuming.
conorpp
·6 tahun yang lalu·discuss
To add to this, we would like to be able to run open source & update-able code and leverage EAL certified secure elements. Chips like the SE050 have recently come on the market and will likely end up on our products eventually.
conorpp
·6 tahun yang lalu·discuss
New in V2:

- More secure microcontroller supporting secure boot, PUF, flash encryption, etc.

- Firmware rewritten in rust.

- Much more robust and durable construction.

- Touch buttons, reversible USB-A, USB-C

NFC is passively operated similar to other authenticators and is more reliable.

ED255 is supported in V2!