ghost
commented
2 years ago Another USB key generator + typer: https://github.com/wuabit/wuabit-dust
Open ghost opened 2 years ago
ghost
commented
2 years ago Another USB key generator + typer: https://github.com/wuabit/wuabit-dust
If you were to use a microSD card exclusively for storing a mnemonic, in theory there's no obvious difference between storing a plaintext file of your mnemonic on an SD card vs. as a QR code on paper, assuming: 1) Krux writes the mnemonic to the microSD card itself (i.e., you don't do this on a computer) 2) You never plug the card into anything other than an airgapped Krux thereafter
However, in Krux we use a microSD card for storing firmware updates, saving settings, and (if enabled) writing log files that we expect could be opened up on a computer. Therefore, given that we already set the precedent that microSD cards are for "safe" data, I think this rules out also using a microSD card to store a mnemonic.
But not the overall concept.
We still have a USB-C port on the device that we could take advantage of, and the YubiKey in particular is appealing for this because it's built to store keys.
Specifically, the YubiKey has a "Static Password" feature where you can securely generate a password up to 64 characters in length. You can then plug the YubiKey into something and have it simulate keyboard input. For our purposes, this 64 character password could be deterministically converted into a 24-word BIP39 mnemonic in the same way that the SHA256 of dice rolls currently are.
In effect, I think it should be possible to use a YubiKey to generate and store a mnemonic.
EDIT: It looks like there are two open-source alternatives, Nitrokey and SoloKeys Solo 1 + 2, that may offer similar functionality.
EDIT 2: https://github.com/solokeys/solo1-cli#challenge-response This may be a more general solution allowing any FIDO2 security key to be used for this purpose, with the (big) gotcha that Krux would need to "speak" FIDO... If that proves too difficult, it looks like you can make a Solo Key (Hacker version) "type" a password the same way YubiKey does by loading custom firmware onto it: https://github.com/solokeys/solo1/pull/446
EDIT 3: If the challenge-response method is used, an additional benefit would be that the challenge (which is signed with the private key on the device, and this signature for Krux's purposes would be the entropy source to generate the mnemonic) could be user-generated. This challenge could function as a password for the key device.