I’ve designed the first production-quality, open-source U2F token. I’ve designed it to be secure, cheap, and reliable. This is important for a two-factor auth key, which is what U2F is intended for. Additionally, I mass-produced the U2F tokens using an external PCB fab and a programming pipeline I designed and implemented. Custom programming was required to meet complex security requirements. I provide metrics and cost details for bootstrapping a project like this to sell on Amazon Prime.
I will explain the security fundamentals that make U2F secure. Additionally, there are important factors a designer needs to face to correctly design secure hardware. A protocol like U2F isn’t secure until it’s in a well-designed implementation. And to make a project available to others, one must consider other factors to mass-produce secure hardware. How do you make sure each key is unique and that different keys are handled properly? I solved this with my design of a custom programming setup. I then pipelined it so I could program 1000+ U2F tokens in a reasonable amount of time on my own. Lastly, I provide metrics and cost details for bootstrapping a project like this to sell on Amazon Prime.