trustcrypto / OnlyKey-Firmware

The OnlyKey Firmware runs on the OnlyKey itself and provides the core functionality of OnlyKey.
https://docs.crp.to/firmware.html

Passive USB fingerprint self-destruct #153

Open HarryR opened 1 year ago

HarryR commented 1 year ago

Rather than having a 'self-destruct' pin, I want the OnlyKey device to self-destruct if it's plugged into any device other than the one it has been bound to.

This can be achieved through some kind of fingerprinting. Additionally, per-device HOTP could be derived using this fingerprint, meaning the same drive (e.g. USB-C attached NVMe and same OnlyKey dongle) on another computer will not only fail to unlock but will trigger a kill-switch.

In combination with TPM, OPAL and UEFI SecureBoot this will address many edge cases where OnlyKey is currently vulnerable to physical attacks.

If this device could be combined with the USBkill device, so if not plugged into the bound device it jizzes the capacitors into the host, that would be double plus many cool.

I assume the OnlyKey model with large capacitor ticks hanging off it would be more expensive, unless it was able to be concealed in a 'battery pack' enclosure which would pass thru customs...

onlykey commented 1 year ago

Some considerations for this feature request:

We typically implement features that have the widest range of use and interest from a large number of users. I will leave this open, feel free to add to this if there is interest.

HarryR commented 1 year ago

> How do we prevent inadvertent self-destruct? I.e. A child plugs in your device and wipes it.

Given that the device is now 'tamper-evident', that would be a discussion between the hypothetical parent and child.

> What kind of fingerprinting would be used that couldn't be spoofed?

Other devices on the bus, the MACs etc. - it's not important that it can't be spoofed via some highly pre-orchestrated plan, only that if there's a significant probability that the device it's plugged into doesn't match the device which it was bound with - then it should factory reset.

> OnlyKey is not designed to have a battery/capacitor, this is not something we plan to add

Understood.

HarryR commented 1 year ago

However, having an 'ohshit' pin that I could solder to something interesting would be... especially if it can be activated via firmware