Conversation

Notices

1. Embed this notice
   Rich Felker (dalias@hachyderm.io)'s status on Saturday, 30-Nov-2024 10:54:25 JST Rich Felker

   • mcc

   @ireneista @mcc Yes, when devices with private keys on them have been lost/stolen/seized it's important to revoke trust in them ASAP.

   • Embed this notice
     mcc (mcc@mastodon.social)'s status on Saturday, 30-Nov-2024 10:59:16 JST mcc

     in reply to

     • Andrew Zonenberg

     @azonenberg @dalias @ireneista was your solution strong to repeater attacks

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 30-Nov-2024 10:59:16 JST Rich Felker

     in reply to

     • mcc
     • Andrew Zonenberg

     @mcc @azonenberg @ireneista Relativity makes it possible to be strong to repeater attacks. You can always verify that the device you're communicating with is within a certain physical range.

   • Embed this notice
     Andrew Zonenberg (azonenberg@ioc.exchange)'s status on Saturday, 30-Nov-2024 10:59:17 JST Andrew Zonenberg

     in reply to

     • mcc

     @dalias @ireneista @mcc Reminds me of a project I was working on years ago. Ultrasound based dead man's switch that verifies a hardware token in your pocket etc is within a geofence of the computer.

     The idea was that if you get tackled and dragged away from your computer, laptop stolen off the table in front of you, etc. it'll automatically run a script to lock, shut down, remote wipe, etc. depending on your threat model.

   • Embed this notice
     mcc (mcc@mastodon.social)'s status on Saturday, 30-Nov-2024 11:02:21 JST mcc

     in reply to

     • Andrew Zonenberg

     @dalias @azonenberg @ireneista yes but only if u actually do the verification

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 30-Nov-2024 11:02:21 JST Rich Felker

     in reply to

     • mcc
     • Andrew Zonenberg

     @mcc @azonenberg @ireneista Well if it's just a concept you haven't implemented and don't have to implement, it's trivial to include that in the concept. 🤪

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Saturday, 30-Nov-2024 11:04:19 JST Rich Felker

     in reply to

     • mcc
     • Andrew Zonenberg

     @azonenberg @mcc @ireneista Needs to be ns-scale to preclude repeaters. 10 ms can go halfway across a continent.

   • Embed this notice
     Andrew Zonenberg (azonenberg@ioc.exchange)'s status on Saturday, 30-Nov-2024 11:04:20 JST Andrew Zonenberg

     in reply to

     • mcc

     @mcc @dalias @ireneista Yes it did real time HMAC based authentication with latency measurements based on the speed of sound and direction finding using the laptop stereo mics.

     An RF relay could potentially work but you'd need to keep it very close to keep the total E2E latency including sound travel path less than say 10 ms depending on how big your geofence is.