mirror
/
u2f-zero
kopia lustrzana https://github.com/conorpp/u2f-zero
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Update README.md

pull/33/head
Conor Patrick 2016-06-21 20:05:10 -04:00 zatwierdzone przez GitHub
rodzic 58fdf7c721
commit 2889b5610c
1 zmienionych plików z 2 dodań i 2 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

4
README.md
Wyświetl plik

@ -3,7 +3,7 @@
U2F Zero
========
U2F Zero is an open source U2F token. It's a two factor authentication token that is implemented securely. It works with Google accounts, Github, Duo, OpenSSH, and anything else supporting U2F.
U2F Zero is an open source U2F token for 2 factor authentication. It is implemented securely. It works with Google accounts, Github, Duo, OpenSSH, and anything else supporting U2F.
![](http://i.imgur.com/lL3VLz1.jpg)
@ -19,7 +19,7 @@ Check out [the wiki](https://github.com/conorpp/u2f-zero/wiki) for more on how t
Security Overview
-----------------
The security level is about the same as a car key. Any secret information cannot be read or duplicated. A TRNG is used to generate unpredictable keys.
The security level is about the same as a modern car key. Any secret information cannot be read or duplicated. A true random number generator is used to create unpredictable keys.
However, side channel leakage is an unsolved problem in industry and academia. So for well equipped adversaries that can make targetted attacks and get physical access, secret information leakage is possible. Any other hardware token that claims it's "impenetrable" or otherwise totally secure is *still* vulnerable to physical side channels and it's important to acknowledge. However, most people don't worry about targeted attacks from well equipped adversaries.