Linux sysadmin, I want to use RFID for 2FA on my laptop/phone

Complete newbie when it comes to chip implants, a bit lost in all the options, I don’t even really know what kind of RFID/NFC are out there. I have a generic understanding of the tech: AFAIK it’s all RFID, which is a generic term for chips that can reply to a radio signal by absorbing it, modulating it and using that energy to transmit a reply via radio, so no battery needed. I also understand there are chips where you can re-program the modulation while others have a “fixed” modulation and hence you just read them and their reply will always be the same.
Is that correct?
I do know that Linux has a number of libraries that can be hooked up to NFC/RFID chips to do 2FA.
Anybody here already made something like this? Specifically on Linux, especially integrating it with pam and ssh and/or KDE/Gnome keyrings?
What are the different options in terms of chips? What are the differences?
Can I just buy one and ask any piercer to install it? Is it a difficult task? Wouldn’t I be better off asking a vet to do it since they do that for dogs already?
I understand it’s not a good idea to implant a battery to power on an LED and that there are options out there but they use dangerous/toxic chemicals inside a glass thing. Any other options to get an LED working?

1 Like

Yep

1 Like

Hello and welcome to the forum!

Spot on, that is exactly what PASSIVE RFID is. There is also active RFID, but no implants for that one as of yet (batteries in the body are kinda a no-no).

Yes, that’s how the information is stored (in hex usually): a fixed UID or a changeable UID, as well as user memory space on some implants that lets you store whatever you want.

I don’t know. I think @anon3825968 did some work on something (sidrfidal) and @NiamhAstra is also a Python/Linux guy, so they can probably point you in the right direction.

I think there are plans in the future for the Vivokey to support 2FA authentication too.

Almost endless. This question is asked often; I would suggest browsing the site.

You can… not all piercers will do it. DT and KSEC Solutions (DT Europe distributor) both have confirmed installed maps, just call your closest one.

Animal skin (cats and dogs) is very different to humans so not really. Most vets won’t go anywhere near a human but if you have a vet friend they may help you out.

There are options with LEDs, e.g. the xLED (just an LED) or the xSIID, which is 2k user mem + LED. They light up when power is applied (it enters a reader field).

Hope all that helps!

2 Likes

Everything that @Devilclarke said +

The easiest way to do Pseudo-2FA would be the KBR.
It basically just types out the ID of an xNT (or NExT) as if you were typing it.
So you’d just append that to every password you have.
Then you have a password composed of something you know (your passwords) and something you are (2 factors).
It’s the fastest way and works everywhere (from PC/laptop). I just got it and love it.

If you have a rooted Android phone you can do the same with NFC Tools and NFC Tasks (make a task that simulates keyboard input when scanning your implant).

Also, you should look at the Spark 2 if you’re looking for auth stuff. Also check this out. Here’s the partner map that was mentioned above.

2 Likes

Interesting project. I’m a very bad coder myself, more of a sysadmin. I’ve also noticed Vivokey has a GitHub repo and there’s some stuff.
What’s the deal with those masterkeys? The actual chip can’t be reprogrammed and one can’t regenerate the keys, did I get that correctly?
That means I’d have to use their backend for OAuth and that sort of stuff and I wouldn’t be able to just hook it up to a library and do a challenge/response with in-implant cryptography, I’d have to use their servers.
If I understand that correctly it is kind of a deal breaker to me actually.

Frankly I wouldn’t consider that a proper auth solution, as you said it is pseudo-2FA. I’m actually pretty interested in doing proper cryptography in the chip itself, that is actually something as far as I’m concerned. Just making a FOB and using a UUID to do authentication is not acceptable to me.

In more general terms I see this as something on the brink of the “what you have” and “who you are” factors, and that’s what makes it interesting to me from a security point of view.
You can’t possibly lose this and it can’t be stolen without you realizing it. I mean there are weird scenarios where that could be the case, but stealing (or losing) a hardware token of some sort is pretty easy, and from a design point of view that hinders the actual security of it as an auth factor. A chip implant cannot be easily taken from you but it’s still just something “that you have”; it almost works as something on the lines of “who you are” but it isn’t proper biometrics.

Thank you very much, I am reading through the forum and online about the tech in a bit more detail. As I was replying above, I am interested in this as a proper authentication factor for IT systems. Vivokey seems to be on the right track for that (need to do crypto on the chip to do it properly) but it seems I wouldn’t get access to all the proper crypto functionalities in the chip itself, which is a deal breaker for me.
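
The difference between a static UID used as a credential and a challenge/response done by the token, as raised in the post above, shown as an added example that is not part of the thread. It is a software simulation: `SimulatedToken`, `ChallengeVerifier`, the HMAC-SHA256 scheme and all sample values are assumptions made here, not the protocol of any chip named in this thread.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from any real chip.
STATIC_UID = "04A1B2C3D4E5F6"
TOKEN_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

class SimulatedToken:
    """Stands in for a chip that holds a key and answers challenges."""
    def __init__(self, key: bytes):
        self._key = key  # never leaves the token

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

def verify_static(presented_uid: str) -> bool:
    """UID as credential: the chip's reply is identical on every read."""
    return hmac.compare_digest(presented_uid.encode(), STATIC_UID.encode())

class ChallengeVerifier:
    """Host side: issues a fresh nonce per login and accepts each one once."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already-used challenge
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def replay_outcomes() -> dict:
    """Replay a previously observed reply against each scheme."""
    token, host = SimulatedToken(TOKEN_KEY), ChallengeVerifier(TOKEN_KEY)
    c1 = host.new_challenge()
    r1 = token.respond(c1)
    results = {"static_uid_replay": verify_static(STATIC_UID),
               "first_login": host.verify(c1, r1)}
    results["old_response_new_challenge"] = host.verify(host.new_challenge(), r1)
    results["old_pair_reused"] = host.verify(c1, r1)
    return results
```

`replay_outcomes()` shows the static UID being accepted again on replay, while a recorded response fails against a fresh challenge and against its own already-used challenge.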

Crypto on chip, have a look at the DESFire chips, lots of functions!

So off the top of my head you have a few options if you are

Currently the only thing available is the DF and DF2 products. But no one has done much in the way of working with their secure capabilities on this forum at least. I know @NixieGeek has been interested in this space and I am also one day going to look into this.

You also could do something with an NTAG 413 if you can get hold of an unprovisioned Spark 2? I know @anon3825968 managed to get one, maybe if there is enough interest then @amal might make them more available.

Finally you could hold out for the Apex line. It’s an upcoming line of VK products that utilizes a contactless Java smart card that you can load applications onto for things like signing and token generation.

1 Like

If that’s the case, like mentioned above, you should wait for the apex line.
Signing my own challenges from within the implant is one of the main reasons to get an apex.

Yes. When you buy a Vivokey chip, you buy a Vivokey / Fidesmo-locked chip - i.e. what you really buy is secure access to that particular ecosystem and nothing else. They provision the chips with their own key and there’s nothing you can do about it.

It’s fine if you do want them to authenticate you for anything and everything. But if it don’t sit well with you and you want to roll your own, as I do too, you’re SOL - unless you manage to get your hands on an unprovisioned chip, which isn’t normally offered by VK or DT.

That’s why, unlike most forum dwellers here, I’m not excited at all by the upcoming Apex chip: it looks like a great chip, but I don’t want to implant something under my skin that I don’t have complete control over. But apparently I’m in a minority.

I think Amal was talking about making a reset option available for the Apex. Meaning, if you ask Fidesmo politely, they’ll wipe their key off your chip and then it’s yours to do whatever you please with - and you lose access to the Vivokey / Fidesmo services of course. If that option is offered, it makes the deal more appealing to me.

I feel like the minority in that I want to be an end user. To me, I would rather pay someone to manage all that stuff. At this point Vivokey hasn’t given me a reason to not trust them. I will gladly pay for that service. I would even pay if it has to be a prepaid account.

To be clear, the Apex will let you have your own keys and apps on it; it is just the keys for loading new apps and that sort of stuff that Fidesmo controls, AFAIK. So like you can still do your own cryptography on it.
This obviously doesn’t negate @Rosco’s thoughts regarding being locked into their ecosystem though, just wanted to clarify for others that unlike the NTAG413 (Spark2) you can sign your own stuff.

That’s why you need 2 Apex’.
1 to do payments (and other Fidesmo stuff), the other to opt out of Fidesmo and deploy your own applets.
(Other Fidesmo stuff could/will include PGP tho’, so no real need for 2 implants if you just want good crypto.)

It’s just a matter of principle to me: my skin, my chip, my master key. There would have to be very compelling reasons for me to implant something tied to someone else’s infrastructure.

For instance, I tried to get my local transport authorities to program an implantable version of their DESfire-based pass card not too long ago. That’s an incentive: I could’ve taken the bus or the train and pay for fares with my hand. I would have sprung for that.

Sadly, the Vivokey / Fidesmo offering isn’t nearly close to being appealing to me yet. As far as I can tell, the only thing VK crypto chips are good for at the moment is logging into the VK forum - unless there are other applications that no-one on this here board cares to talk about. Frankly, that’s kind of bleh…

I recognize VK has a chicken and egg problem: they need to build an appealing infrastructure, and they need early adopter participants to build it. But me, I’ll sit this one out. Just not interested at the moment.

Yep, that is an option I’m considering.

By the way, shouldn’t it be “Apices” in plural? :slight_smile:

3 Likes

Are two Roscos Rosci? Then yeah.

Rosco isn’t Latin :slight_smile:

1 Like

Also, it’s a name. I don’t think you do that for names.
But I’m not a native English speaker and barely passed my Latin classes.

These seem interesting, I had just reached them, need to understand more about the actual capabilities.