Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
yjftsjthsd-h 2 hours ago

Oh, yes, I missed that the TOTP machine was compromised:\ Would that then imply that it would have been okay if codes came from a separate device, eg. a TOTP app on a Palm OS device with zero network connectivity? (Or maybe these days the easiest airgapped option is an old android phone that stays in airplane mode...)

dcrazy 2 hours ago | parent | next [-]

The easiest approach is a provider-issued hardware dongle like a SecurID or Yubikey. Lack of end-user programmability is a feature, not a bug.

yjftsjthsd-h an hour ago | parent [-]

> Lack of end-user programmability is a feature, not a bug.

I would argue that the problem is network accessibility, not programmability.

dcrazy an hour ago | parent [-]

When designing a system for secure attestation, end-user programmability is not a feature.

It would not be an advantage for your front door lock to be infinitely reprogrammable. It’s just a liability.

yjftsjthsd-h an hour ago | parent [-]

I mean, I guess attestation might have some value, but it feels like moving the goalposts. Under the threat model of a remote attacker who can compromise a normal networked computer, I can't think of an attack that would succeed with a programmable TOTP code generator that would fail if that code generator was not reprogrammable. Can you?

> It would not be an advantage for your front door lock to be infinitely reprogrammable. It’s just a liability.

Er, most door locks are infinitely reprogrammable, because being able to rekey them without having to replace the whole unit is a huge advantage and the liability/disadvantage is minimal (falling under "It rather involved being on the other side of this airtight hatchway" in an unusually almost-literal sense where you have to be inside the house in order to rekey the lock, at which point you could also do anything else).

dcrazy 24 minutes ago | parent [-]

Sorry, attestation is the goalpost. The community wants certainty that the package was published by a human with authority, and not just by someone who had access to an authority’s private keys. That is what distinguishes attestation from authentication or authorization.

nurettin 2 hours ago | parent | prev [-]

Yes, unfortunately authenticator apps just generate TOTP codes based on a binary key sitting in plain sight without any encryption. Not that it would help if the encrypting/decrypting machine is pwned.