A RISC-V Security Key

December 26, 2023 by Al Williams 6 Comments

The TKey is a RISC-V-based security key that plugs into a USB port. The device has a number of features, including a device-specific serial number, RAM scrambling, and a monitor that kills the CPU in the event of access to protected memory. There is also an FPGA that, on the end-user version, is locked down. This prevents you from changing the core features and the unique ID number for the device.

As part of the start-up code, the device calculates a hash of the application and merges it with the device ID and, potentially, a user-defined secret. If this number matches a previous calculation, it is reasonably certain that nothing has changed between the times of the calculations.

Continue reading “A RISC-V Security Key” →

A Commodore SX-64 showing a six-digit code and a countdown timer

Generating Two-Factor Authentication Codes With A Commodore 64

November 14, 2022 by Robin Kearey 15 Comments

If you’ve used a corporate VPN or an online-banking system in the past fifteen years or so, chances are you’ve got a few of those little authenticator key fobs lying around, still displaying a new code every 30 seconds. Today such one-time codes are typically sent to you by text message or generated by a dedicated smartphone app, which is convenient but a bit boring. If you miss having a dedicated piece of hardware for your login codes, then we’ve got good news for you: [Cameron Kaiser] has managed to turn a Commodore SX-64 into a two-factor authenticator. Unlike a key fob that’s one gadget you’re not likely to lose, and any thief would probably need to spend quite some time figuring out how to operate it. Continue reading “Generating Two-Factor Authentication Codes With A Commodore 64” →

TurtleAuth DIY Security Token Gets (Re)designed For Durable, Everyday Use

May 21, 2022 by Donald Papp 15 Comments

[Samuel]’s first foray into making DIY hardware authentication tokens was a great success, but he soon realized that a device intended for everyday carry and use has a few different problems to solve, compared to a PCB that lives and works on a workbench. This led to TurtleAuth 2.1, redesigned for everyday use and lucky for us all, he goes into detail on all the challenges and solutions he faced.

When we covered the original TurtleAuth DIY security token, everything worked fantastically. However, the PCB layout had a few issues that became apparent after a year or so of daily use. Rather than 3D print an enclosure and call it done, [Samuel] decided to try a different idea and craft an enclosure from the PCB layers themselves.

The three-layered PCB sandwich keeps components sealed away and protected, while also providing a nice big touch-sensitive pad on the top, flanked by status LEDs. Space was a real constraint, and required a PCB redesign as well as moving to 0402 sized components, but in the end he made it work. As for being able to see the LEDs while not having any component exposed? No problem there; [Samuel] simply filled in the holes over the status LEDs with some hot glue, creating a cheap, effective, and highly durable diffuser that also sealed away the internals.

Making enclosures from PCB material can really hit the spot, and there’s no need to re-invent the wheel when it comes to doing so. Our own [Voja Antonic] laid out everything one needs to know about how to build functional and beautiful enclosures in this way.