Questions tagged [hardware-token]

35 questions
2
votes
0 answers

Cryptoki PKCS11 C_Decrypt returns shorter key (decrypted message) than expected

First off let me say I'm fully aware this question can only be answered by the token vendor but I have already contacted them and with the whole COVID situation my hopes of hearing from them soon are not high (nor that I need to, this is just to…
Marcos G.
2
votes
1 answer

Would using RSA SecurID Token across security domains introduce any weakness?

If the same hard or soft RSA SecurID token was used across security domains would this introduce any additional cryptographic weakness? For example, if I had to access two secure customer networks could I use the same hardware token, as an…
Jeff Arthur
2
votes
2 answers

Why is an HSM required to protect CA certificates (rather than a regular USB token)?

Typical USB tokens (Nitrokey, YubiKey...) allow an everyday user to store PGP keys and use them to encrypt email, hard drives and so on. The same vendors also offer distinct products called HSMs (Nitrokey HSM, YubiHSM). The suggested use case is…
lofidevops
1
vote
0 answers

Identity theft of biometric data from hardware security key?

My question is about identity-theft vulnerabilities of data on hardware security keys [also called: "hardware security token", "hardware token", "hardware authentication device"] with a built-in biometric sensor. Is the biometric data on hardware…
Jameeyo
1
vote
2 answers

Pre-paired hardware security tokens - Why don't they exist?

I've had this idea bouncing around in my head for a while, and I'm honestly surprised that it doesn't seem to be on the market. Which probably means that it wouldn't work well for some reason that hasn't occurred to me yet. I think it should be…
1
vote
3 answers

Are hardware tokens secure in case of a data breach?

One of my banks authenticates me using a username and a one-time passcode (8 numbers) generated by a hardware token they gave to me when I opened the account. On the surface it looks like as long as no one steals the token from me, then no one…
Calmarius
1
vote
1 answer

Using a pen drive + secure certificate instead of sudo passwords

Is this recommended and/or possible? I just don't like the idea of anyone beside me being able to see when I type my password.
Adrian Lopez
1
vote
0 answers

How to reflash/reformat enterprise Aladdin eToken Pro Java 72k for own certificate?

Can this eToken be reformatted or re-flashed for use as a smart card for authentication? I have this stick left from my former work and want to re-use it in some way, for example, for authentication on a laptop. Is there a way?
Suncatcher
1
vote
1 answer

Inherent drawbacks of browser-based OTP solutions?

We already have two sorts of OTP generators in place: (a) as hardware (token) (b) as software (e.g. Google Authenticator, Red Hat's FreeOTP). Now I saw browser-based solutions like SecureAuth OTP, which is available as a Chrome app. [ <- correction,…
1
vote
2 answers

How safe are the password prompts of the SafeNet eToken 5110 or similar cryptographic hardware tokens?

I'll need to use a hardware token, specifically the SafeNet eToken 5110 that comes with DigiCert's EV certificates, for code-signing on Windows. I know that they issue a prompt to manually enter the token's password at each signing attempt (or at…
gbr
1
vote
0 answers

Implement 2-factor authentication with digital certificate

How can I implement a digital certificate to do 2-factor authentication to a web application? I have a web application under an Apache server. I want the application to require a digital certificate when trying to connect to it. The certificate should be…
0
votes
0 answers

Use a remote certificate (on other computer) for mTLS transaction

I have a USB token (brand 3SKey) containing a certificate "C" with its private key stuck on a machine "A". The certificate's private key is obviously not exportable and I'm not interested in using 3rd party tools to try to extract it. This…
Perfect28
0
votes
0 answers

Chrome U2F Authentication TouchID vs YubiKey/Hardware token

If I have a YubiKey/other hardware key, then I can add that as a U2F device and restrict logins to require that hardware key to be present when logging in to web sites with my username and password. However, if I add "This Device" as the U2F device…
Andrew Parks
0
votes
0 answers

SafeNet eToken 5110CC w/ IDPrime 940MD: Generating ECC384/521 Errors + ICC/CVC Authentication

I am trying to utilize the SafeNet eToken 5110CC, which basically has the IDPrime 940MD with the applet 4.4.2.A., to generate ECC keys with lengths of 384 bits and 521 bits, to no avail. The product brief says that ECDSA and ECDH of 384/521 bits are…
0
votes
0 answers

Status of Asynchronous Remote Key Generation in the developing WebAuthn standard?

Today I read this blog entry by Yubico regarding Asynchronous Remote Key Generation. This proposal solves, in my view, the largest outstanding problem in the widescale adoption of challenge-response hardware authentication keys. Some background: The…
Myridium