there is actually a proper reason for why you don’t want firmware rewritable. If someone does steal the key they can rewrite it. This is something I’ve discussed with colleagues even for Tillitis T-Key
Vulnerabilities will always be found in any piece of hardware given enough time, and this recent one requires about $11K in hardware and tons of cryptographic knowledge and electrical engineering knowledge.
Yubico addressed it by creating their own crypto library
ChiefGyk3D /
npub1j6…wef8k
2024-09-09 04:17:22
in reply to nevent1q…mffh
Author Public Key
npub1j6x37cgktdd9astwr6peajs5xdwrfg0glw5slpzqcrx6un9fpmws2wef8kPublished at
2024-09-09 04:17:22Event JSON
{
"id": "f1a2e8cf0cdec7720317db0e661a7d9af6022a5a44590a561863afef85e02459",
"pubkey": "968d1f61165b5a5ec16e1e839eca14335c34a1e8fba90f8440c0cdae4ca90edd",
"created_at": 1725855442,
"kind": 1,
"tags": [
[
"p",
"0a8b393640c80aa67cc7f444425826c2ebbc9a164f6a87247bf517b3e9de93a4"
],
[
"p",
"968d1f61165b5a5ec16e1e839eca14335c34a1e8fba90f8440c0cdae4ca90edd"
],
[
"e",
"2e45df15167e92500fa926bd7a9de4cc4ad4ba3f47f9a512078a25f74c8b5697",
"",
"reply",
"0a8b393640c80aa67cc7f444425826c2ebbc9a164f6a87247bf517b3e9de93a4"
],
[
"e",
"6ece4a0a19b3af65c93aab3890ceaf1c8d2c82e05a657cc3bda024eeba115f17",
"",
"root",
"968d1f61165b5a5ec16e1e839eca14335c34a1e8fba90f8440c0cdae4ca90edd"
],
[
"proxy",
"https://social.chiefgyk3d.com/@chiefgyk3d/113105662248504717",
"web"
],
[
"proxy",
"https://social.chiefgyk3d.com/users/chiefgyk3d/statuses/113105662248504717",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://social.chiefgyk3d.com/users/chiefgyk3d/statuses/113105662248504717",
"pink.momostr"
],
[
"-"
]
],
"content": "there is actually a proper reason for why you don’t want firmware rewritable. If someone does steal the key they can rewrite it. This is something I’ve discussed with colleagues even for Tillitis T-Key\n\nVulnerabilities will always be found in any piece of hardware given enough time, and this recent one requires about $11K in hardware and tons of cryptographic knowledge and electrical engineering knowledge. \n\nYubico addressed it by creating their own crypto library",
"sig": "70c3db088bf3f4bc6ea71158ca09d691d5483fdc9d11a8514b9b7461295b5ab493fc9d805b0048309aabbf549cf08aa6ed88ac7c0855c6f45c5d540b36d473c7"
}