NFC support? #15
Comments
|
NFC support cannot happen on the Nordic dongle for 2 main reasons:
This is technically possible to do it and design it, for example, on the nRF52840-DK development kit which has all the requirements (antenna and battery). But I'm not aware about an off-the-shelf board that would provide this in a portable form factor. |
|
I have the same question. These dongles need just usb and NFC for FIDO authentication. Other wireless authentication is a failure, considering years of evidence both are exploitable .. I have no idea why it would be using wireless to connect to a desktop ? It just needs NFC tap for phones. Those boards are not so useful, and confused of it's purpose. Is there another one comparable to my current Yubikey to try ? |
|
So support for NFC is not planned then? Or should this ticket be open as a reminder that some want NFC support? How has Yubico solved it in such a portable way? |
|
Isn't a similar usb token (and most secure keys/2fa features) with cert (Brazilian* or Estonia gov use that individual certs) when insert the SK, a password (or PIN) then login occur. For the NFC I think as Google Authenticatior feature sounds good but not for a Secure Key *PS - Its need use that security keys with a pin governmental use |
|
I'm a Yubikey user. Have been for years. I use it for my windows login also. I have not tried the NFC tap on the phone but probably should try whatever supports it. Phone apps don't even support it. Facebook certainly doesn't ask for it when I need it on the desktop, neither does Gmail. So the phone is the backdoor into my stuff because of no Yubikey. Google Authenticator is a failure, there is rootkits to get access to that stuff now and resets with the phone. What I don't get about that dongle is why it has wireless capabilities known to have security issues. It shouldn't have wireless on here at all. It should have NFC. Is there a better dongle board to try ? |
|
It's not because the Nordic chip supports wireless protocols that they are enabled. At the moment they're not. Should we want to support them in the future, it's convenient to be able to do it with just a firmware update rather than having to completely change the hardware. And that was part of the choice for the Nordic chip. And NFC is a wireless protocol by the way :) |
|
@BigPictures solokeys looks amazing and the ticket. Both Bluetooth and Wifi have constant hardware security issues and a contradiction for a security key. So Solokeys has it's own firmware then and not suitable with OpenSK ? A hardware key should be usb and nfc only if anything. |
|
The LPC55S69 is still a Cortex-M chip so it's definitely possible to run Tock on it and then OpenSK. But because the chip is currently not supported out of the box, it's a substantial amount of work to add it: one has to write all the drivers in Tock in order to have buttons, LEDs, GPIOs, a console, a way to flash the board, and in the case of OpenSK, adding USB. |
|
I noticed after I wrote that that Tock OS has experimental support for an STM32 board -- SoloKeys currently uses an STM32L432. Anyway, it'd still likely be quite a bit of work. |
|
Good news on that front. NFC support will be added within the next months for the Nordic chip. Caveats: although the Nordic chip internally supports NFC, it has the following 2 limitations:
|
|
I recently found a NXP QN9080 USB dongle that has a built-in NFC antenna and has an Arm Cortex-M4F MCU. Theoretically, you can install OpenSK, add a small battery and get a compact NFC security key, but I have a feeling that I missed something.) |
|
By the shape and the look of it, the antenna is for Bluetooth, not for NFC. |
I know it's early in the project, but is NFC support planned?
And how does that feature look priority wise?
The text was updated successfully, but these errors were encountered: