undefined | Better HN

0 pointszokier5y ago0 comments

That is exactly what TB has. The problem is that the device private key (in many(/all?) devices) sits in the flash memory completely unprotected so anyone can clone it.

0 comments

redactions5y ago

It is not like ssh at all. It is a problem that secrets are kept in the flash and it is also a problem that those secrets are sent over the untrusted channel.

zokierOP5y ago

The key is transferred only on the initial connection, after that a challenge/response mechanism is used. So from UX point of view it achieves similar TOFU, even if the technical details vary a bit. Sure, its bit worse but it is still very much trust on first use.

redactions5y ago

After the device is connected, use looks like a key consistency aware system like an ssh client. It is as you note very different in the first protocol run.

To extract the device secret value, an attacker needs to connect the target device to an attacker device. As you note, the thunderbolt device leaks the secret value over the untrusted channel. Impersonation of that device after that moment is trivial as a result.

The entire cryptographic protocol is broken from the start.

1 more reply

j / k navigate · click thread line to collapse

0 comments

redactions5y ago

It is not like ssh at all. It is a problem that secrets are kept in the flash and it is also a problem that those secrets are sent over the untrusted channel.

zokierOP5y ago

redactions5y ago

After the device is connected, use looks like a key consistency aware system like an ssh client. It is as you note very different in the first protocol run.

The entire cryptographic protocol is broken from the start.

1 more reply

j / k navigate · click thread line to collapse