Nitrokey, the way to secure your valuables...

Nitrokey

newbie

Activity: 4

Merit: 0

Quote from: larem on December 15, 2015, 01:51:53 AM

so things are stored on the key itself?

Yes, in a way that one-time password secrets and private keys can't be
exported out of the device for security reasons.

Quote

How many passwords can it hold, and can it do multiple for a single site?

We recommend to use one-time passwords which are more secure than
ordinary static passwords. However, for legacy reasons you can store up
to 16 static passwords on the Nitrokey. Of course you are free to store
multiple passwords for a single site.

Quote

I had a pass manager get compromised in the past, which sucks. I spent HOURS resetting almost 800 passwords because of it. A hardware alternative would be a HUGE increase in security I think.

Said for you, we aim for high security solutions instead of these questionable
web services...

larem

sr. member

Activity: 350

Merit: 250

Quote from: Nitrokey on December 14, 2015, 05:38:35 PM

Quote from: larem on December 12, 2015, 09:23:42 PM

Does this mean it's basically like a password manager (LastPass and the like) but hardware-based? If so, what if you're using it on a compromised system?

It is more then that. It is using a smart card (OpenPGP card) to store the secret key, which cannot be extracted from the device. Even with the admin PIN the secret key can be only deleted or overwritten. It has its own CPU to perform various cryptographic tasks (encryption, decryption, digital signing/verification, authentication etc.).

But it has to be initialized on a clean system. We might consider a preconfigured Nitrokey in the future, with the admin/user PIN to rub, like a telephone SIM card PIN and SuperPIN, but if you would want it?

Running on compromised system would give access to the user PIN, so a task could be executed, but only if the stick is connected and the access will be indicated by a LED.

Very interesting... so things are stored on the key itself? How many passwords can it hold, and can it do multiple for a single site? I had a pass manager get compromised in the past, which sucks. I spent HOURS resetting almost 800 passwords because of it. A hardware alternative would be a HUGE increase in security I think.

Nitrokey

newbie

Activity: 4

Merit: 0

Quote from: jt byte on December 13, 2015, 02:39:01 PM

It's too bad you post this from a newbie account + there is no address on your site.
The specs really look good to me. I sent some mails on a daily basis that I either move to another inbox or remove since consist of private information.
Such a service is quite good to be honest. Especially since it is open source.

Everybody has to start once

For the address please check the:

https://www.nitrokey.com/legal-information

And thanks for the positive opinion!

Nitrokey

newbie

Activity: 4

Merit: 0

Quote from: larem on December 12, 2015, 09:23:42 PM

Does this mean it's basically like a password manager (LastPass and the like) but hardware-based? If so, what if you're using it on a compromised system?

It is more then that. It is using a smart card (OpenPGP card) to store the secret key, which cannot be extracted from the device. Even with the admin PIN the secret key can be only deleted or overwritten. It has its own CPU to perform various cryptographic tasks (encryption, decryption, digital signing/verification, authentication etc.).

But it has to be initialized on a clean system. We might consider a preconfigured Nitrokey in the future, with the admin/user PIN to rub, like a telephone SIM card PIN and SuperPIN, but if you would want it?

Running on compromised system would give access to the user PIN, so a task could be executed, but only if the stick is connected and the access will be indicated by a LED.

jt byte

hero member

Activity: 994

Merit: 500

It's too bad you post this from a newbie account + there is no address on your site.
The specs really look good to me. I sent some mails on a daily basis that I either move to another inbox or remove since consist of private information.
Such a service is quite good to be honest. Especially since it is open source.

larem

sr. member

Activity: 350

Merit: 250

Quote from: Nitrokey on December 12, 2015, 08:15:30 PM

...is an open source, open hardware project (Made in Berlin) to secure your passwords, private keys, data and more.

Nitrokey at Nitrokey.com provides:

Secure login to your favourite web accounts by using one-time passwords as a second factor. One-time passwords are generated by the Nitrokey and are valid only once. If your primary password is stolen the attacker cannot login without your Nitrokey.
Ordinary static passwords can be stored securely in the Nitrokey hardware. For this purpose the Nitrokey App serves as a simple password manager.
FIDO U2F second factor authentication. U2F is currently supported by Google, YouTube, Dropbox, and GitHub. We offer the separate Nitrokey U2F model and are working on integrating U2F into the other models as well.
SSH keys can be stored on the Nitrokey and the actual login is key-based.

In order to provide also a secure storage place with hidden volumes, we have started a crowdfunding campaign at Indiegogo for Nitrokey Storage:

http://igg.me/at/nitrokey/x

Nitrokey Storage is a USB device that operates as a “digital latchkey” to protect your data and user accounts. It allows the secure encryption of emails, files and hard drives, secure login on the web and contains encrypted mass storage for your files. The encryption keys are stored securely in the hardware at all times. Insecure and difficult-to-remember passwords are replaced with this secure and easy-to-use USB key.

Please support us, spread the info and get your perk!

And soon you can pay your Nitrokey in Bitcoin.

Does this mean it's basically like a password manager (LastPass and the like) but hardware-based? If so, what if you're using it on a compromised system?

Nitrokey

newbie

Activity: 4

Merit: 0

...is an open source, open hardware project (Made in Berlin) to secure your passwords, private keys, data and more.

Nitrokey at Nitrokey.com provides:

Secure login to your favourite web accounts by using one-time passwords as a second factor. One-time passwords are generated by the Nitrokey and are valid only once. If your primary password is stolen the attacker cannot login without your Nitrokey.
Ordinary static passwords can be stored securely in the Nitrokey hardware. For this purpose the Nitrokey App serves as a simple password manager.
FIDO U2F second factor authentication. U2F is currently supported by Google, YouTube, Dropbox, and GitHub. We offer the separate Nitrokey U2F model and are working on integrating U2F into the other models as well.
SSH keys can be stored on the Nitrokey and the actual login is key-based.

In order to provide also a secure storage place with hidden volumes, we have started a crowdfunding campaign at Indiegogo for Nitrokey Storage:

http://igg.me/at/nitrokey/x

Nitrokey Storage is a USB device that operates as a “digital latchkey” to protect your data and user accounts. It allows the secure encryption of emails, files and hard drives, secure login on the web and contains encrypted mass storage for your files. The encryption keys are stored securely in the hardware at all times. Insecure and difficult-to-remember passwords are replaced with this secure and easy-to-use USB key.

Please support us, spread the info and get your perk!

And soon you can pay your Nitrokey in Bitcoin.

Topic: Nitrokey, the way to secure your valuables... (Read 1188 times)