TKey: The First 100% Open Source Security Key
Introduction
I will always remember a maxim in cryptography: the key is the key, not the algorithm. There’s nothing more secure than releasing the algorithm so that everyone can analyze it and work on its improvements. Under this premise, TKey is introduced as the first 100% open source security key: a revolutionary product created by Tillitis that embodies total freedom in security, with hardware, firmware, and software that are completely open and modifiable.
Technology
The TKey is built on a Lattice FPGA that implements a small RISC microprocessor. This brings a significant advantage: the device can load any security program you want. It can function as an SSH agent to access remote equipment, a random number generator, or even an authentication system for FIDO2/WebAuthn.
Security
What sets TKey apart is its unique approach to security. Each device carries a unique hardware key. When a program is loaded, a BLAKE2s digest of it is computed and used to generate a new key derived from the hardware key. This means that each application has its own unique key.
However, this feature presents a challenge: every modification to the program produces a different derived key. The solution is to divide the program into two phases. The first phase is stable and is the one that generates the derived key, while the second phase can change frequently due to updates without affecting the key.
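The derivation described in this section can be modelled in a few lines. This is an added example, a simplified sketch and not Tillitis firmware or code from this post. The device secrets, the function names and the use of keyed BLAKE2s as the mixing step are assumptions made for illustration.

```python
import hashlib

# Constructed 32-byte secrets standing in for the per-device hardware key.
DEVICE_A = bytes(range(32))
DEVICE_B = bytes(range(32, 64))


def measure(image: bytes) -> bytes:
    """BLAKE2s digest of a program image as it is loaded."""
    return hashlib.blake2s(image).digest()


def derive_key(device_secret: bytes, measured_image: bytes) -> bytes:
    """Mix the device secret with the program digest.

    Keyed BLAKE2s is this sketch's assumption for the mixing step.
    """
    return hashlib.blake2s(measure(measured_image), key=device_secret).digest()


def load_single(device_secret: bytes, program: bytes) -> bytes:
    """Single-phase load: the whole program is measured."""
    return derive_key(device_secret, program)


def load_two_phase(device_secret: bytes, phase1: bytes, phase2: bytes) -> bytes:
    """Two-phase load: only the stable phase 1 is measured.

    Phase 2 runs with the key phase 1 was given, so its bytes never
    enter the derivation and an update leaves the key unchanged.
    """
    key = derive_key(device_secret, phase1)
    _ = phase2  # executed after derivation; not an input to the key
    return key


if __name__ == "__main__":
    v1, v2 = b"signer v1.0", b"signer v1.1"  # constructed program images
    loader = b"stable loader"                 # constructed phase-1 image
    print("one program, one device:",
          load_single(DEVICE_A, v1) == load_single(DEVICE_A, v1))
    print("program updated        :",
          load_single(DEVICE_A, v1) == load_single(DEVICE_A, v2))
    print("other device           :",
          load_single(DEVICE_A, v1) == load_single(DEVICE_B, v1))
    print("two-phase, phase 2 updated:",
          load_two_phase(DEVICE_A, loader, v1) == load_two_phase(DEVICE_A, loader, v2))
```

The model also makes the cost of the two-phase split visible: because phase 2 is not measured, the key no longer says anything about which phase 2 is running, so that trust decision rests entirely on phase 1.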
Comparison with Commercial Alternatives
Compared to commercial alternatives like the YubiKey, the TKey offers greater flexibility and transparency. While the YubiKey is an effective and widely adopted solution, its closed nature limits the ability to customize or completely verify its security operations. With TKey, you have the ability to inspect and modify every aspect of security, representing a new frontier in trust and customization in the realm of security keys.
Personal Use
Personally, I use the TKey to authenticate myself in critical services and for SSH access to remote systems. It’s important to mention that even the set of tools for synthesizing and compiling the bitstream uses 100% open source software.
Conclusion
The TKey is, without a doubt, the most complete open source product I know.