jans23
jans23
Start with FIDO's threat model.
As suggested [here](https://github.com/Nitrokey/nitrokey-webcrypt/issues/11#issue-556907923) WebCrypt may support HMAC. CTAP2 [supports HMAC](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#sctn-hmac-secret-extension) already but it doesn't seem to be available to Web applications executed in browsers.
Perhaps certain sensible operations (e.g. read list of key IDs) could be only exposed to Web Extensions but not to websites. See [discussion here](https://github.com/openpgpjs/openpgpjs/issues/951).
I subscribed several feeds from a single newspaper such as "headlines", "politics", "business" etc. It often happens that a single article is published within 2 or 3 of these categories...
Currently the iSerial number (exposed via USB) is something like `FSIJ-1.2.10-12345678`. The version and tailing part should be removed and instead it should be changed to `12345678`.
Perhaps [this one](http://www.st.com/en/evaluation-tools/stm32h753i-eval.html).
I've noticed that in hardware revision R3 Pins 9 and 10 are still connected to the USB lines. This seems to be a leftover from the older version that used...
The solution should be programmatically to avoid such issues in the future. Example: https://docs.nitrokey.com/de/nethsm/api
rename "Azure AD" to "Entra ID (Azure AD)"
Perhaps, recommend the following apps. Potentially other apps would be worth mentioning too. https://www.f-droid.org/en/packages/me.lucky.wasted/ https://www.f-droid.org/en/packages/me.lucky.duress/ https://www.f-droid.org/en/packages/info.guardianproject.ripple/