oem-factory-reset should reduce RSA keysize for Nitrokey start by default - Githubissues

linuxboot / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.

https://osresearch.net/

GNU General Public License v2.0

1.4k stars 181 forks source link

oem-factory-reset should reduce RSA keysize for Nitrokey start by default #1306

Open tlaurion opened 1 year ago

tlaurion commented 1 year ago

Nitrokey start supports only RSA keys of 2048 (repeat: no HOTP support there).

Heads should change the default to deal with its exposed IDs: NK Start PID:VID : 20a0:4211

Discussion trace before: https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$Agpyn13vPKp0Xjr3EzuLcj4j9hwx8xXvOQBwRvVI7tU?via=matrix.org&via=nitro.chat&via=talk.puri.sm

[ ] should also be part of qemu-coreboot board configs to be used in tests (even though there is no HOTP support, TOTP variants still need a USB Security dongle)

saper commented 1 year ago

Is switching to ECDSA an option? (with NIST curves)