Mullvad Introduces Open Source USB Security Key
- An American company made 0.7nm chips: EUV lithography machines can’t do it
- CVE-2007-4559 Python vulnerability ignored for 15 years puts 350,000 projects at risk of code execution
- RISC-V only takes 12 years to achieve the milestone of 10 billion cores
- 14000 cores + 450W: RTX 4080 graphics card perfectly replaces the RTX 3080
- Big upgrade: The difference between Bluetooth 5.0 and 5.2
- Geeks Disappointed that RTX 4080/4090 doesn’t come with PCIe 5.0
- What are advantages and disadvantages of different load balancing?
Mullvad Introduces Open Source USB Security Key.
Mullvad is a Sweden-based open source commercial VPN service provider founded in 2009.
Now, after years of working in software services, Mullvad is also getting into hardware security.
At the recent Open Source Firmware Conference (Open Source Firmware Conference), Mullvad showed a new USB security key – Tillitis Key.
According to the official introduction, Tillitis Key can be used for purposes such as logging in to computers and websites or performing digital signatures.
Functionally, the Tillitis Key shares many similarities with Fido2 solutions such as Yubikey, but it also has a very unique side.
First of all, Tillitis Key is completely open source, including its software and hardware, as well as its PCB design.
Because of this, it is also more trustworthy, while other security keys on the market usually use closed-source hardware.
Second, Tillitis Key uses a “measured boot” system that measures security applications when the application is loaded on the device.
The measurements are combined with the Unique Device Key (UDS) to derive the application’s key.
The purpose of this is that if the application is modified, the resulting key will also change.
Conversely, if the resulting key is the same as the last time the app was loaded on the same device, it can be trusted that the app has not been modified.
It’s worth noting that the Tillitis Key will continue to work if the app gets an update, but it also depends on how the app developer enabled code signing.
For more detailed information, check out Tillitis Key’s Github repository , including PCB schematics, source code, and more.
- DIY a PBX (Phone System) on Raspberry Pi
- How to host multiple websites on Raspberry Pi 3/4?
- A Free Intercom/Paging system with Raspberry pi and old Android phones
- DIY project: How to use Raspberry Pi to build DNS server?
- Raspberry Pi project : How to use Raspberry Pi to build git server?