Beta 3 Release Notes
Configurable Inactivity Lockout
Now the user is able to set their own lockout period. This is the amount of time that the OnlyKey should remain unlocked while not being used. The default value is 30 minutes.
Configurable Keyboard Type Speed
Now the user is able to set their own type speed. Setting a custom type speed may be desirable in cases where the application you are using can not keep up with fast typing. Or if you don’t use any applications like this you can have the text typed at top speed for the fastest logins.
Configurable Wipe Mode
If you are using the plausible deniability feature there is one scenario where an adversary may be able to determine that you were using the plausible deniability feature. This is possible if the adversary enters 10 incorrect PINs causing your OnlyKey to wipe all data and then they go to reconfigure the PINs and see that they can set both a regular PIN and a PD PIN. Since only the U.S. version firmware allows setting both PINs the adversary would know that your OnlyKey is running the U.S. version firmware. At this point the device is wiped the adversary would not have access to any sensitive information but the adversary would know that your device is capable of encryption which in some areas may be undesirable. To address this issue you can now set the wipe mode of your OnlyKey to Full Wipe. Given the same scenario with Full Wipe set when 10 incorrect PINs are entered the device will completely wipe all information including the firmware from your OnlyKey. No useful information would be available to an adversary concerning what firmware you were running and in order to use the device new firmware must be loaded.
Configurable Keyboard Layouts
In the last release we included firmware that supported different international keyboard layouts. We now support changing your keyboard layout on the fly through the Chrome app no firmware reload required. Traveling to France from the US? No problem just set the OnlyKey keyboard to French and change it back to US when you return.
U2F Improvements
Thanks to Yohanes Nugroho!
The ECC signing was intermittently working which made registering and authenticating with websites to also only work intermittently. This release addresses the signing issue.
One suggested improvement was to use ECC Deterministic Signing, this has now been implemented see https://tools.ietf.org/html/rfc6979 for more details.
When registering and authenticating the device now blinks (fade in and fade out).
Experimental SSH Login Support
Thanks to Thomas Sileo!
You can now access the OnlyKey via command line using the python tool created by Thomas - https://github.com/trustcrypto/python-onlykey
The command line tool can be used to perform basic communication like get the labels or set values in a slot.
This tool can also be used to write an SSH private key to the OnlyKey
To test this out follow the Installation and Quick start instructions and then run “python ssh_auth.py”
You can now use the OnlyKey to login via SSH. Your SSH key is stored securely on the OnlyKey and used to login via the OnlyKey agent - https://github.com/trustcrypto/onlykey-agent
Regular PIN / PD PIN Separate Lockout Feature
A separate failed login counter has been added for both the Regular PIN and the PD PIN to prevent a scenario where a malicious person has your PD PIN and also has unrestricted physical access to your OnlyKey and they are trying to guess your regular PIN. Without this feature the malicious person may be able to enter 9 incorrect PINs and as the last PIN enter the PD PIN then restart the device effectively giving the malicious user 9 additional attempts to guess the PIN. To mitigate this attack vector there will be a failed login counter that will count how many failed PINs have been entered since the last successful PIN entry and a failed login counter that will count how many failed PINs have been entered since the last successful regular PIN entry. The current setting of 10 failed login attempts and then a factory default occurs will remain the same. Additionally, now if 20 failed login attempts occur since the last successful regular PIN entry has occurred the regular PIN hash will be overwritten effectively disabling the regular account permanently. This allows the plausible deniability feature to remain fully functional, ensuring that an adversary with both physical access and access to the PD PIN will be unable to determine whether the device is using the international firmware or the US firmware and will be limited to 20 attempts to guess the regular PIN. Also keep in mind that for the 20 attempts to guess regular PIN there is an equal chance that the self destruct PIN will be guessed adding additional risk to guessing passwords.
Q - What does this mean for users who use the PD Feature?
A - Make sure to regularly log into the OnlyKey using the regular PIN. Or if you are only using the PD mode of the OnlyKey for some reason (There is no use case I am aware of to do this) keep in mind that 20 failed PIN entries without a successful regular PIN entry will disable your regular profile, essentially turning your device into a device operating with the international firmware.
Q - What are the chances of a malicious person who has my PD PIN being able to guess my regular PIN?
A - It depends the length of your PIN. For a 7 digit PIN there are 279,936 possible combinations so given there are 20 attempts there would be a 1 in 13997 chance of guessing a PIN. For a 10 digit PIN there are 60,466,176 possible combinations so given you have 20 attempts there would be a 1 in 3,023,309 chance of guessing a PIN. Also consider there is an equal chance of guessing the self-destruct PIN. Compare this to 4 digit PINs used at ATMs where there are 10,000 possible combinations and three attempts are allowed there is a 1 in 3333 chance of guessing a PIN.
Google Authenticator (TOTP) Improvements
In the prior release the time can get out of sync causing the OTPs generated to be wrong. In this release the time is accurate within 2 seconds.
Time-based One time password (TOTP) protocol requires accurate time in order to function. Basically how this works is a secret value that only the client and the server know is hashed
with a current timestamp. The result is a OTP that the server can verify came from the client and that is only valid for a short period of time so that if an attacker intercepts the OTP they would have a very small window of time to use the code before it expires. In this way TOTP is better than HOTP for a full description of the two methods see this - https://www.youtube.com/watch?v=KnTd2t4LWIE
PIN reentry after idle timeout lock fix
The device locks after 30 minutes of inactivity and then the next PIN entry fails even if it is the correct PIN. The issue has been addressed in this release.
OnlyKey Firmware Version now shows up in App
The firmware version now display in the bottom right corner of the app.
SHA 256 checksums
OnlyKey_Beta_IN.cpp.hex - 4facf9942e1d968a7d358d8b7a319deb9590aa27d97cf7c7c8e6092babdf35f0
OnlyKey_Beta_US.cpp.hex -
5147fc9e22f60a50f2fb12bde5b1e0d13cbfeedcebb26e41a809d7317c5e784b