Delivery Date of Nitrokey Storage and Other News

During our crowdfunding campaign last year we estimated the shipping date of the Nitrokey Storage would be 2 May 2016. As we have previously mentioned, the time-critical aspect of the project is the development of the plastic casing. We have already made three revisions to the design of the casing and this week we received the latest sample of the casing. Unfortunately the casing isn't ready yet which is why we have had to postpone the release date of the Nitrokey Storage to June.

Background: Why is a simple piece of plastic such an issue? Developing a simple plastic case can be an extremely expensive, complicated and time-consuming process. This is why we initially tried several off-the-shelf casings, but they were either too ugly, too bulky or too small, which meant that our PCB didn't fit. Furthermore by buying an off-the-shelf casing we would have been dependent on its availability; we experienced this in the past when our previous casing (you may remember the red Crypto Stick casing) became unavailable at a certain point.

So we decided to develop our own casing. We contracted a German vendor to develop and produce a plastic casing for us. We provided the outer 3D model and the vendor engineered the molding tool. A molding tool is a large block of steel with lots of pipes and mechanics. Its construction is expensive (in our case up to 20,000 €) but also depends on the complexity of the casing. For instance, simply letting the casing "snap" costs more than 1000 €. The engineering of the casing has to be thought through considering each hand movement during the later production of the Nitrokey devices. Our objective is to make the assembly of the Nitrokey models as simple as possible. The casing has to fit the PCB exactly, which is important for an optimal feel. This aspect is one that cannot be entirely designed on the computer, but rather must be tested physically. We are talking about a magnitude of 0.1 mm and each design alteration requires four weeks (at best!) before new samples are ready for testing. We are the stage of making minute alterations to improve the fit and feel of the casing.

 

Why You Shouldn’t Store Private Keys on a Hard Disk

We have argued against private keys on hard disks before. Now a serious vulnerability has been found in OpenSSH which a maliciously configured server could exploit in order to obtain the private encryption key used for SSH connections. This can’t happen when keeping your private SSH key secure on the Nitrokey. The Nitrokey hardware protects your private keys from exposure at all times.
 

Why You Shouldn’t Use a Phone for Two-Factor Authentication

“Computer security researchers warn security shortcomings in Android/Playstore undermine the security offered by all SMS-based two-factor authentication (2FA). […] If attackers have control over the browser on the PC of a user using Google services (like Gmail, Google+, etc.), they can push any app with any permission on any of the user's Android devices, and activate it - allowing one to bypass 2-factor authentication via the phone. Moreover, the installation can be stealthy (without any icon appearing on the screen). [...]

In the paper, the researchers argue that Apple's Continuity feature that brings iOS and Mac OS X devices closer together is equally dangerous. […] Application vendors no longer restrict their apps to a single platform, but rather add synchronization options that allow users to conveniently switch from mobile to PC or vice versa in order to access their services. This process of integrating apps among multiple platforms essentially removes the gap between them. Current, state of the art, mobile phone-based two-factor authentication (2FA) mechanisms, however, heavily rely on the existence of such separation.” (article, paper)
 

Nitrokey in the News

We are proud to have two articles in Germany’s best and largest computer magazine c't 05/2016 and 10/2016.
 

Nitrokey on the Road

We have been busy exhibiting at several events:

13.5.2016

Add new comment

Fill in the blank.