Will there be a nitrokey storage 3?

Also, if so is curve25519 going to be added to that?

Been wondering…

Price is also of interest, though, and I'm wondering if USB 3.0 will ever be secure enough to be used for this purpose. Although that would require dealing with USB 3.0 security issues, which I don't know whether it's possible, or what it would take, etc…

Either way, interested in this, I am!


Yes, we definitely plan for Nitrokey Storage 3, as it would be nice to have it modernized and faster with the USB 3 speeds. This is still in the design phase though.

Can you elaborate on the security issues you have in mind? Do you mean radio/WiFi interference or something else?

Scroll down here:

IEEE 1394

Also, apparently, USB 3.0 must be similar to FireWire? I think?

Btw, you can do some searches more in depth if you wish.

Oh and here is a more precise one:

Not sure if this has happened on linux, but should it be examined? I don’t know lol.

Btw, is RSA 4096 used for encrypting the original Nitrokey Storage, in addition to AES256?

Not really sure, myself, but curve25519 would still be a good idea to add to the Nitrokey Storage 3.


Oh, quick update, but I forgot to mention: I don't know if this DMA issue for USB 3.0 also affects coreboot with or without Intel ME disabled either. Though I would be surprised if Windows couldn't be broken into this way even on a software level.

Using windows online for me = :confused:

*Even offline using windows = :confused:

Well, if it has any backdoors in the hardware enabled by default and intel me is completely online and you are running it directly on your drive even if it is offline.

Either way, I really wish someone would make a way to use old windows games, from before NT, in a way similar to something like dosbox or better.

Long story short, albeit off topic somewhat, usb 3.0 has some huge issues for windows users probably. Might be good to have two separate modes for disabling usb 3.0 and 4.0, hence my concern for the majority of people who are willing to ignore these problems and others as well…

In a way reckless and sadly, popular as well.

Done editing lol

Maybe there could be the possibility of an out-of-band communication via bluetooth.

Before using the Nitrokey, you need to unlock the USB functionality via App on the PC/Phone. A blink pattern or color could show whether the devices mutually authenticated each other.

Really hope, Nitrokey would allow some community brainstorming here.

E.g. for me one of the most important security features of the existing Nitrokey is not the encrypted partition but the sealed device and the read-only partition.

You can identify the Nitrokey via the OpenPGPcard and the embedded keys and you can be sure that the contents of the partition has not been tampered with (without validating signatures everytime).

Only one huge problem with your suggestion…

Bluetooth is much worse… lol

Supposedly this standard is not only chosen by very few people, it also has had some interesting exploits used to hack into people's computers, even if you aren't physically nearby.

Clickjacking aka… Also, Bluetooth is a giant waste of electricity, and if you search for Bluetooth insecurities, you will find a lot of those compared to a small amount for every other storage idea. Long story short, it would be nice if there was an open source way to get USB storage and storage drives as a whole to work without any huge security holes.
I doubt making it fully open source or removing all security issues would be possible, due to "influences" within the world.

Small edit: non-proprietary was the wrong choice, because, I have no idea anyways.

Although, USB 3.0 is still nowhere near as bad as USB 4.0, I am told… Wikipedia made mention that USB 3.0 is suspected to have similar issues to FireWire, albeit, beyond Windows, this wasn't a huge issue.
So maybe it's not a huge problem, as long as you can keep fixing new vulnerabilities that hit via upgrades and as long as USB 4.0 isn't supported till it can be mitigated like USB 3.0.

Ironically though, usb 2.0 and usb 3.0 seem to be harmless according to sources online including wikipedia compared to just about everything else, storage wise.
Aka, by default.

Well, regardless, still not sure why the leaders within corporations, still don’t understand that the connected hardware is not nearly as important as the operating system on the hardware.

Aka, proprietary = hazardous at worst and at best, error prone and bloated/buggy.

When I say proprietary btw, you can be sure I mean anything that is as bad as Ubuntu has become or worse, including systems that claim to be open source but are very serpentine.

So yeah, perhaps usb 2.0 and 3.0 are the best options right now. Although, it might also be good to have usb 3.0 have a disable option for those who want security that badly even if it slows things down a hell of a lot.

Anywho, I have rambled on enough, if anyone wants to tell me if curve25519 will be in nitrokey storage 3 or if usb 3.0 will be added as an option to nitrokey storage 3, I am all ears.



Thanks for all the info.

Out-of-band communication could be end-2-end encrypted using random session keys agreed via single use elliptic curve keys and ECDH key exchange.

If you know that a medium could be insecure, you could insert a secure layer on top of it.

The Microcontroller could shutoff any communication via USB until you proved that it is your Nitrokey and you want to use it now.
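Here is what the exchange described above looks like in working code, with the curve25519 question from earlier in the thread folded in. This is an added example, not Nitrokey firmware or app code: X25519 is implemented per RFC 7748 (plain Python integers, so it is a reference, not a side-channel-hardened implementation), the KDF labels and message layout are made up for illustration, and the pre-shared "pairing secret" used for key confirmation is an assumption, included because ephemeral ECDH on its own is unauthenticated and would let an active attacker on the radio link sit in the middle.

```python
"""Ephemeral X25519 ECDH with pairing-secret key confirmation.

Added example for the out-of-band unlock idea above; not Nitrokey code.
X25519 follows RFC 7748 (plain-integer reference arithmetic, not
constant-time).  The KDF labels, message layout and the pre-shared
pairing secret are assumptions made for illustration.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665                            # (486662 - 2) / 4 for Curve25519
BASEPOINT = (9).to_bytes(32, "little")  # u = 9, RFC 7748 section 4.1


def _clamp_scalar(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder, RFC 7748 section 5.  Python ints leak timing;
    a real device would use a hardened implementation."""
    k = _clamp_scalar(scalar)
    ub = bytearray(u)
    ub[31] &= 127                       # mask the unused top bit of u
    x1 = int.from_bytes(ub, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def ephemeral_keypair():
    """Single-use key: fresh random scalar, discarded after the session."""
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASEPOINT)


def derive_session_key(shared: bytes, pk_host: bytes, pk_token: bytes) -> bytes:
    """HMAC extract/expand bound to both ephemeral public keys (assumed KDF)."""
    if shared == bytes(32):             # RFC 7748: reject low-order peer points
        raise ValueError("all-zero shared secret")
    prk = hmac.new(b"oob-example-salt", shared, hashlib.sha256).digest()
    return hmac.new(prk, b"session" + pk_host + pk_token, hashlib.sha256).digest()


def confirm_tag(pairing_secret, role, pk_host, pk_token, session_key) -> bytes:
    """Key confirmation: proves the peer knows the pairing secret and saw
    the same two public keys.  This is what stops a man in the middle."""
    msg = role + pk_host + pk_token + session_key
    return hmac.new(pairing_secret, msg, hashlib.sha256).digest()


def run_handshake(host_pairing_secret: bytes, token_pairing_secret: bytes):
    """Simulate both ends.  Returns (mutually_authenticated, host_key, token_key)."""
    host_sk, host_pk = ephemeral_keypair()
    token_sk, token_pk = ephemeral_keypair()
    # public keys cross the untrusted out-of-band link in the clear
    host_key = derive_session_key(x25519(host_sk, token_pk), host_pk, token_pk)
    token_key = derive_session_key(x25519(token_sk, host_pk), host_pk, token_pk)
    # each side sends a tag under its own copy of the pairing secret
    host_tag = confirm_tag(host_pairing_secret, b"host", host_pk, token_pk, host_key)
    token_tag = confirm_tag(token_pairing_secret, b"token", host_pk, token_pk, token_key)
    host_accepts = hmac.compare_digest(
        token_tag, confirm_tag(host_pairing_secret, b"token", host_pk, token_pk, host_key))
    token_accepts = hmac.compare_digest(
        host_tag, confirm_tag(token_pairing_secret, b"host", host_pk, token_pk, token_key))
    return host_accepts and token_accepts, host_key, token_key


if __name__ == "__main__":
    ok, hk, tk = run_handshake(b"pairing-secret", b"pairing-secret")
    print("mutual auth:", ok, "keys match:", hk == tk)
    print("wrong secret on one side:", run_handshake(b"pairing-secret", b"attacker")[0])
```

The microcontroller would only open the USB mass-storage path once its own `host_accepts`-style check passes; with mismatched pairing secrets the two sides still agree on a session key (ECDH is unauthenticated) but the confirmation fails, which is the case the blink pattern in the post would signal.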

Sounds like a good idea. Btw, I also thought I should mention something really important too… of course this would also be a good change for Nitrokey Storage 3 as well if someone desires a bigger level of security… but the only thing is, I don't know if Nitrokey Storage 2 or 3 yet supports more than 60+ characters…
Anyways, I will get to the point now:

Diceware method

Or to be more accurate, not passwords, passphrases.

Easier to remember harder to crack supposedly:

EFF very much supports this, in fact they have their own specific lists that are for ultra strong security, scroll down to here on that page:

EFF wordlists

Ironically, though, like 4+ years ago, I never bothered to look it up when I heard a certain whistleblower talk about this.
It sounded silly to me back then… however, less than a year ago, I decided to look it up thoroughly, due to getting sick of really complicated passwords that I could never, ever remember, no matter how hard I tried.
Unusual word + space and repeat, as many times as you feel is needed. Supposedly there is a page:

Scroll down to here:

How long should my passphrase be?

It is very possible, however, that the ante has been upped since then, so do keep that in mind.

Aka, its possible that this might not be accurate anymore, in general.

Diceware is currently the best option though according to EFF and I will trust their judgment over the current option. Mostly due to the fact that the other method is so much in use by corporations already.

So… yeah… no.


Sorry for another long post.


Almost forgot, the main point I was making here, was that it might be wise to make it possible to do the same thing with Nitrokey Storage 3 as well.
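For anyone who wants to try the method above rather than read about it, here is an added example (not from the thread, the EFF or Nitrokey) that does the Diceware procedure in code: it parses a word list in the EFF file layout (dice roll, tab, word), rolls dice to pick words, and answers the "how long should my passphrase be" question by computing the entropy. The six-entry, one-die list embedded below is constructed so the example runs offline and only shows the format; a real list such as the EFF long list (7776 five-dice entries) would be loaded from a file with `load_wordlist()`.

```python
"""Diceware passphrases from an EFF-format word list.

Added example, not from the thread, the EFF or Nitrokey.  The one-die,
six-word list below is constructed so the example runs offline; it only
demonstrates the file layout (roll, tab, word).  A real list such as the
EFF long list has 7776 five-dice entries and is read with load_wordlist().
"""
import math
import secrets

# Constructed sample in the EFF file layout.  One die => 6**1 entries.
SAMPLE_WORDLIST = """\
1\tcobalt
2\tglacier
3\tlantern
4\tmantis
5\torchid
6\tsaddle
"""

EFF_LONG_LIST_SIZE = 7776   # 6**5 entries for five dice


def parse_wordlist(text: str) -> dict:
    """Map dice-roll strings such as '11111' to words; reject bad rolls."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        roll, _, word = line.partition("\t")
        roll, word = roll.strip(), word.strip()
        if not roll or not word or any(ch not in "123456" for ch in roll):
            raise ValueError(f"line {lineno}: malformed entry {line!r}")
        if roll in table:
            raise ValueError(f"line {lineno}: duplicate roll {roll}")
        table[roll] = word
    return table


def load_wordlist(path: str) -> dict:
    with open(path, encoding="utf-8") as fh:
        return parse_wordlist(fh.read())


def dice_per_word(table: dict) -> int:
    """A complete list has exactly 6**n entries, all with n-digit rolls."""
    lengths = {len(r) for r in table}
    if len(lengths) != 1:
        raise ValueError("mixed roll lengths in word list")
    n = lengths.pop()
    if len(table) != 6 ** n:
        raise ValueError(f"expected {6 ** n} entries for {n} dice, got {len(table)}")
    return n


def roll_dice(n: int) -> str:
    """CSPRNG stand-in for physical dice: n digits, each in 1..6."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))


def entropy_bits(n_words: int, list_size: int) -> float:
    """Each uniformly chosen word adds log2(list_size) bits."""
    return n_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest word count that reaches target_bits with this list size."""
    return math.ceil(target_bits / math.log2(list_size))


def passphrase(n_words: int, table: dict, roll=roll_dice) -> str:
    """Pick n_words by dice; 'roll' is injectable so tests can fix the dice."""
    n = dice_per_word(table)
    return " ".join(table[roll(n)] for _ in range(n_words))


if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_WORDLIST)
    print(passphrase(5, table))
    print("6 words, 7776 list:", round(entropy_bits(6, EFF_LONG_LIST_SIZE), 1), "bits")
    print("words for 80 bits, 7776 list:", words_needed(80, EFF_LONG_LIST_SIZE))
    print("words for 80 bits, 6-word list:", words_needed(80, 6))
```

The `words_needed` comparison is the point of the exercise: the same 80-bit target takes 7 words from a 7776-entry list but 31 from the toy 6-entry one, so strength comes from the list size and word count, not from how unusual any single word looks.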


If I recall correctly, Nitrokey does sell something for blocking malware-like issues, via a USB stick meant for this; it's like a way to block malware from outside your computer.

I do wonder more or less, if they plan to make the firmware upgradeable.

Either way, I don’t know if my question has been answered completely, but I suppose it might just as well be answered.

That being said, @szszszsz

I had other thoughts, but I will wait for now to ask them, otherwise this thread stays open for way too long. :wink:


I wish the partition sizes and write lock could be set up freely. I really like the possibility to have a read-only partition where you can be sure that binaries are not altered. Here you could also add anti-malware or boot a Linux distro.

Right now the space is limited as it is intended to host the unlock applications.

Also in case raw flash is used, maybe decide on pSLC use for better durability.


Don’t know much about most of that, but having an OpenBSD option would be wise.

As an aside, just having something as secure as Nitrokey's Heads fork and still having complete support for BSD and Linux alike would be cool, especially if it is just as lightweight as the current one.

Pity there isn’t an OpenZFS fork that isn’t based on that really bad, CDDL license.

I have heard good things about OpenZFS.

Not sure how much is true, but yeah…