[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Taler] Greetings and Question on HSM Keys
|
From: |
taler |
|
Subject: |
[Taler] Greetings and Question on HSM Keys |
|
Date: |
Mon, 16 Aug 2021 22:08:15 +0200 (CEST) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello GNU Taler Mailing List!
I have just joined and wish to share my PGP public key with everyone.
You may download my PGP public key at: https://raiderhacks.com/gpg
While reading the GNU Taler Docs, I noticed if there are any questions on
adding support for hardware keys, that I should contact the GNU Taler
developers.
I wish to ask if it anyone would be interested in adding support for
HMAC SHA1 Challenge Response assisted encryption.
This is the same hardware-key assisted encryption that KeePassXC offers:
https://keepassxc.org/docs/#faq-yubikey-howto
If this is done, every time an edit is made to the person's balance database,
the user would be prompted to tap their hardware key device. When this
happens, a new seed is written into the user's database file, is sent to the
hardware key, and the hardware key applies HMAC-SHA1 with a secret
that is stored directly in the hardware key. The HMAC-SHA1 output
is appended to the user's password to re-encrypt/decrypt the user's
wallet database in the future. This dynamic-password approach to
encryption is why I chose KeePassXC as my password manager and
would love to have the same protection in a system that is designed
to allow me to spend money privately and anonymously.
Please let me know what all of you think of this.
Thanks,
Tanveer Salim
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTCDyJqWjGhhMf9XUwGMmXvr63R/wUCYRrFcwAKCRAGMmXvr63R
/xYIAP95wkfcci0LH1HtJpDOn1MG4wAUAiOdhWhRTI44PAzwZAD5ATRxqoOAu0Qf
DuQK0j1s5gL1X7+3fv/zbA2fNnSRrwU=
=k0ze
-----END PGP SIGNATURE-----
- [Taler] Greetings and Question on HSM Keys,
taler <=