> there isn’t much stopping malware from using your hw based key
replyExcept the three pretty major things that do stop malware that you mentioned ;)
Perhaps especially "3. You don’t have touch to auth turned on".
Never apologize for pedantry here
replySure. They can use my key while my machine is compromised, but even then I won't _need_ to rotate it after the compromise is cleared.
replyIt still would be a good idea just to make sure that it's easier to analyze logs, but it's not strictly needed.
And if you want to be even more pedantic, shell access with a touch based key just means the attacker has to wait for you to auth, which makes touch based systems largely a waste of effort on the defenders part.
reply> shell access with a touch based key just means the attacker has to wait for you to auth
replyAnd if you want to be EVEN more pedantic, on most touch-based keys, you have to touch within 10–15 seconds otherwise it times out.
So it is not a waste of effort at all. First the need to touch at all eliminates a large chunk of attacks. Second the need to touch within 10–15 seconds eliminates a whole bunch more.
There would have to be some heavy-duty alignment of ducks going on to get past a touch requirement.
Even more if the target has touch AND PIN enabled.
The touch based key I use only responds once per touch. If someone compromises the machine it's plugged into, the action I expected to complete won't complete. This means the compromise becomes immediately visible.
reply