@NiamhAstra - thank you. I will have to then explore Apex or xDF2. Thanks
Just to give a brief overview of that opt out.
As sold you must use the Fidesmo tools to load apps onto the apex due to super secret keys that among other things is why the apex may get payment support.
You can opt out of that by having those keys errased and you would control the chip entirely.
But if for some reason Fidesmo stopped existing your apps on the implant should still work, it’s not like the spark where it’s cool extra features would be usless without there authentication servers (depending on the apps loaded onto the apex).
How about, Still handy-capable
You could go to github and still use on your wordpress, discourse etc…
Can you? I thought that integration was via the VivoKey servers? Without the Vivokey app and server how would word press know how to read your implant? You cant just wave it at the screen or can you?
You could still enroll it on locks etc.
I also updated it to be a tad less harsh sounding.
You are most likely correct, but I really cant see Amal doing that, so I was just clasping at straws to defend…
Worse case scenario, would be dropping Fidesmo but Vivokey would carry on…Not that any of this is going to happen…
Ohh to be clear I am not advocating against the Spark 2. The product gives up some direct user control to make something that easy to use and works out of the box, it’s great!
I was just addressing this:
As for some this is a factor:
All fair and valid points my friend
@Pilgrimsmaster - thank you for sharing - that thread was an interesting read and exactly touches what I was scratching my head for.
@NiamhAstra - thanks and yes, understood.
2 posts were split to a new topic: DesFire Project(s) & call for ideas
I placed the order for the xDF2 kit last night at DT site. I am hoping to read thru the DS and appnotes in the nxp site - and I know I wont understand most of it right away and will prepare myself to make a few iterations of reading. I am consequently in the “not knowing what I don’t know” mode - but, like with any exploration/learning, I am hoping to discover and learn. Which also means, I am a bit weary getting that chip implanted. Curious to know what journeys of thought process other newbies such as me have gone through to bite the bullet for implanting…
I am not much of an analysis-paralysis kinda guy, but, this one is a new domain even for a geek-at-heart in me.
Separately, I placed an order for a Proxmark3 RDV4 @ hacker warehouse. I was looking for just the PM3 RDV4 kit here in DT, but, all I could find was a bundle of some kind and that too was kept showing as out of stock. Curious to learn the capabilities of that device and its API stack - I see there’s a github repo for it.
thought I’d share an update and perhaps seek any input from y’all.
Eat a nice breakfast beforehand, or lunch if you are implanting in the afternoon. The pain really isn’t bad at all.
Yeah, didn’t really hurt, but man does it feel weird! I can’t explain what it’s like when you haven’t had one implanted, but afterwards I had the thought “yep, that kinda felt like a metal syringe moving underneath my skin” - so just be prepared for things to get a bit strange feeling!
If you are the sort of person who gets queasy, you may want to look away, but don’t tense up expecting pain, you’ll be fine!
@Backpackingvet and @Compgeek - thank you. My weariness, stems mostly from “not knowing what I dont know” about the chip and whether this is the right chip to move with. Based on what I know today and my use cases, I have 2 opts, Vivokey and xDF2. I am not a fan of Vivokey due to dependency requirements on its proprietary tool stack. It makes me scratch my head. And, xDF2 is better of the two pills - but, even that is an “IUnknown” to me
Well if you have purchased it, may as well right?
Like if it’s not everything you want you can get an additional one (2 hands, and plenty of other space) even if you do not use it as much as you like you do not need to remove it, but if you want to as I understand it is fairly easy to take out.
This is correct actually… the Spark has AES keys which are symmetric. That means the keys on the chip are put there by us during manufacturing, and we keep a copy of those keys on our hsm. To use the cryptographic features of the chip, we issue a challenge to the chip from our server to your phone and over NFC to the chip. The chip encrypts a nonce and the challenge with the key we select (there are 3 keys on each Spark). That response is sent back to us for verification. The WordPress plugin works with the OpenID Connect protocol and our IdP API… like this;
you clicking “log in with VivoKey”
you are directed to the VivoKey API
we send a push notification to your phone
you scan your chip
we validate the chip scan
your browser is redirected back to WordPress with an authorization code
WordPress uses the authorization code to get an access and identity token from out API
you are logged in.
As you can see, there is a large amount of integration with our backed servers to both validate the cryptographic challenge and also handle communications between services and chip scanning on the phone.
Yay! Glad I wasn’t talking out my ass. The system you just described is how I imagined it working but I didn’t exactly have confirmation, just a decent grounding in authentication mechanisms.
I was just talking out my arse.
I fairness, That’s pretty much how I thought it worked.
More of a lashing out defence than a thought through rebuttal.
I’ve been working on the concept of an Apex chip for so many years now… I will probably drop to my knees and weep like a child who’s ice cream cone flopped to the ground before even taking a bite. … edit… I guess I should have used a happy situation here but I honestly can’t right now…
Circa 2018, VivoKey had to move forward with something… so the Spark was born… and the platform… and the authentication protocols… and as the Apex comes to market, we will have a powerful chip and a powerful platform.