[clug] Re: Yubikeys at CLUG meeting (linux Digest, Vol 78, Issue 6, Message 4)

Miles Goodhew mgoodhew at gmail.com
Thu Jun 4 00:59:11 GMT 2009


Bob,

On 04/06/2009, at 10:30 AM, Robert Edwards wrote:

> Miles Goodhew wrote:
>> Hi Karun,
>>> Date: Tue, 02 Jun 2009 20:52:40 +1000
>>> From: "Karun Dambiec" <karun at fastmail.fm>
>>> Message-ID: <1243939960.23319.1318351635 at webmail.messagingengine.com>
>>>
>>> Does anyone who participated in the bulk purchase of Yubikeys know how
>>> we can get access to the Yubikey Management System?
>>> It appears we need a paypal receipt.
>>   I didn't think you _could_ get access to their access system.
>
> Yubico offer a public authentication service which every Yubikey they
> sell can authenticate against by default until reprogrammed. This is
> the default way of using Yubikeys against a whole range of public
> websites and services (including OpenID and possibly LastPass).

   Yeah, that's how I'm using (just tinkering) with them right now. I  
believe this is called "connected mode" (extrapolated from the fact  
the other is called "disconnected mode" - but like I've said before:  
I've not read more docco than a couple of READMEs).
   I got the impression Karun is referring to a "Management System"  
that lets one retrieve the Yubico-generated AES keys. I've never  
discovered mention of such a system, hence my answer. I have read  
some pretty sloppy cryptanalysis articles on teh Intarweb about how  
it's possible to destructively salvage the AES key through the key- 
programming interface (Never tried it meself).

>>> I'm needing to get my AES key so I can set it up to use with PAM on
>>> Linux.
>>   I haven't done a lot of tinkering with my keys yet, but I thought if
>> you were going to do your own "disconnected mode" client verification
>> system, your best bet was to "re-personalise" (re-key) the keys. This
>> way Yubico themselves can't know your AES keys, should they somehow go
>> over to the dark side.
>>  I haven't looked for long, but I've not found much documentation
>> about doing this yet.
>> Hope that's some help,
>> M0les.
>
> So, if the guy who actually purchased the Yubikeys (Miles, in this case)
> sends in a request to Yubico with various proofs that he/she did order
> the keys (Paypal number etc.) and with two consecutive Yubikey sequences
> from one of the keys, and their own public GPG key, then Yubico _may_
> send back the AES 128-bit keys for _all_ the Yubikeys on that order,
> encrypted with that GPG key.

   Right, this sounds a lot less like an automated access system and
more like an exercise in social engineering. If I were Yubico and I
(as them) knew the circumstances in which I bought the keys, I (as
Yubico) wouldn't give me (as me) the keys.

> Now Miles has the AES 128-bit key for everyone in the bulk order (!).
> He can distribute them. Not wanting to cast dispersions on Miles' good

	MWahahahahaaaa! My evil plan is coming together nicely!

> name, but everyone who ordered Yubikeys through this order should be
> aware that Miles _may_ have your Yubikeys' pre-programmed AES key
> already... And we already know that Yubico has those keys as well...
>
> Again, I would look seriously at reprogramming in any case.
>
> On the other hand, when I tried getting the AES keys for my Yubikeys,
> Yubico put up some hurdles that I couldn't be bothered hurdling (I
> didn't order them using Paypal so things were a little more complex).
> So I just went with plan A: reprogram all the keys.
>
> If anyone wants to know how to reprogram their Yubikeys, I am talking
> about this at next week's PSIG. Also, there is documentation on the
> Yubico wiki about it - requires downloading and compiling three sets
> of C code in the correct order.

	Yep, I think my commercial obligation is fully discharged, so I'm
not going to bother trying to get the keys from Yubico partially
because of the quite valid security concerns Bob raises (but mainly
through laziness).

	I think the moral of this story is that the inbuilt Yubico AES keys  
and the "connected mode" operation is great for fiddling around,  
development and evaluation.
	However if you really want to _trust_ the keys you must _trust_  
whoever takes care of the AES keys.
	You have the power to be your own key caretaker.

M0les.


