undefined | Better HN

0 pointsLamaOfRuin1y ago0 comments

Keys can require a pin (or maybe a password depending on implementation).

But in general I haven't felt these are secure enough for the reason you say.

While my practical threat model today would make passkeys seem great, the theoretical future threat model in my head does not support it.

0 comments

kevincox1y ago

PINs and passwords on HSM keys like this are typically very secure as they will wipe themselves or at least lock themselves after a small number of failed attempts. For example if you only allow 5 failed attempts a 4 digit random PIN has a 0.05% chance of being guessed and a 6 digit PIN is 0.0005%.

So the only real risk is key extraction, hardware key extraction is always possible but likely incredibly expensive, so for most threat models it is not an issue. (Software key extraction or side channels is a different problem which may be easier but in theory is not possible.)

franga20001y ago

PIN+limit is still a much worse user experience than a password:

- a PIN is hard to memorize, so people are more likely to use personally-relevant or common numbers, whereas a password can be easily be both complex and memorable - it's easy to burn through even 10 login attempts through any combination of temporary/permanent disability, stress, being drunk, damaged device... - a wipe-after-failed-attempts system is trivial to abuse, be it by a prankster or a real adversary - it's much easier to see someone's PIN over their shoulder or film them entering it

Ferret74461y ago

PINs can include all characters just like a password. They're called PINs for historical reasons.

(This does depend on the specific key/protocol.)

1 more reply

j / k navigate · click thread line to collapse