GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Embed Notice

HTML Code

Corresponding Notice

  1. Embed this notice
    silverpill (silverpill@mitra.social)'s status on Monday, 16-Jan-2023 05:10:26 JSTsilverpillsilverpill
    in reply to
    • arcanicanis

    @arcanicanis For me the most interesting part of the standard (as you described it) is where device generates app-specific key from a master key and presents it to a service. The lack of this feature is one of the major flaws in existing browser wallets. For example, in MetaMask you are supposed to use one account for everything, so all your activities across the web are linked (it's possible to use multiple accounts but it's very cumbersome).
    I'm not really interested in hardware tokens because I generally don't trust "trusted" hardware (it's a natural place to put a backdoor). Also, hardware tokens are bad from a physical security perspective: once hardware token is found, all your secrets can easily be extracted with rubber-hose cryptanalysis. It's much easier to hide a key file, you can even hide it in plain sight using steganography.

    >you could do a software-based token

    Have you seen anyone implementing that?

    >pi-zero-security-key

    I like this idea, but the project looks abandoned (no commits since 2020).

    In conversationMonday, 16-Jan-2023 05:10:26 JST from mitra.socialpermalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.