:link: https://shipit.show/122
I know which episode is jumping to the front of my queue. Fun topic, and Jorge rocks :thumbs_up:
On the outro topic of being able to extract some keys from a Yubikey, I don't think that it really invalidates the current Yubikey (the 'vulnerable' ones) as a good security measure.
Firstly, as I understand it, the process is quite involved, since you need both the normal login credentials and the physical key to do it, as well as a bunch of specialised equipment.
The security model for something like a Yubikey is based on using something that you can secure like a physical item so that it cannot be hacked remotely. This is still true.
I heard about this on a security podcast (https://risky.biz) and both I and they agree that it's a very interesting and cool technical demonstration, but very hard to make practical use of.
Also, they came back to it a week later after realising that if you need to steal the physical key anyway, why not use that directly instead of extracting the cryptographic key. If you want to cover your tracks, just leave a defective Yubikey of the same model behind and the user will almost certainly assume that it's just broken for some reason.
I want pictures of Justin’s travel Kube
The build log with pictures is at justingarrison.com/cubernetes
Oh nice! Now I think I remember seeing this a couple years ago.
I really like the idea of the OS only providing the very basics to have a running system, just like containers.
Once my fedora fails me, I will definitely switch over to bluefin.
You’d probably love talos (what I work on) for Kubernetes. I’m so spoiled to have the OS be completely API defined and integrated with k8s
Last updated: Dec 12 2024 at 15:17 UTC