[Flounder] FIDO2 meeting report
Russell Coker
russell at coker.com.au
Sat Jan 20 17:44:21 AEDT 2024
I was going to email the chat but the copy/paste operation failed. In future
I'll paste the notes BEFORE ending the meeting. So I'll write stuff from
memory.
The Debian package fido2-tools allows talking to U2F devices (dongles for
FIDO2) and I used it to talk to a Yubico device I got from work.
https://webauthn.io/
https://webauthn.bin.coffee/
The above web sites test the WebauthN functionality of your browser and
hardware. Chrome and the Yubikey work on Debian/Bookworm for me.
https://www.yubico.com/products/security-key/
Yubikeys start at $25US which is reasonably affordable.
https://www.crowdsupply.com/solokeys/somu#products
https://tomu.im/somu.html
The Somu is an open source hardware device which does this and costs $35.
https://github.com/ellerh/softfido
Softfido is a software emulation of Fido hardware. It is not in Debian but
the Debian package softhsm provides the dependency for it.
https://wiki.debian.org/Security/U2F
The Debian U2F wiki page is worth reading.
https://forums.debian.net/viewtopic.php?t=151442
People have got LUKS unlocking via Fido2 keys.
https://mjg59.dreamwidth.org/66429.html
Your LUKS key derivation function can be a weakness in your LUKS setup. This
is separate from Fido2/TPM stuff.
Everyone had fun and learned some things, so the meeting was a success even
though we didn't get Fido2 emulation working.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
More information about the Flounder
mailing list