[clug] Yubikeys on Linux

Robert Edwards bob at cs.anu.edu.au
Fri Jun 12 00:23:11 GMT 2009


Lana Brindley wrote:
> I stumbled across an interesting article this morning about security with
> the Yubikeys. Thought I'd share:
> 
> http://security.dj/?p=4
> 
> L
> 

Thanks Lana.

I didn't discuss Yubico's authentication server at all last night, but
I did demonstrate a yubikey authenticating against it as it comes
shipped.

One point that Dr. Fredrik Björck seems to miss altogether in his
analysis is that Yubikeys can be reprogrammed with your own IDs and
AES 128-bit key to work against your own authentication server. Most
of his reprogramming discussion seems to revolve around putting in a
static (reusable) password, which I specifically commented on in the
negative last night.

His assertion that "A Yubikey lost means the passcode revealed, since
it has no lock." is a bit misleading. The AES 128-bit key can only be
recovered by destroying the device. If the device is "lost", it's
security is already compromised (same as losing an RSA SecurID tag).
Two-factor authentication is your friend... Lost Yubikeys should be
immediately disabled at the authentication server (sort of sounds a
bit like what to do with a "lost" password...)

As to the open sourced-ness of the Yubikey, he seems to have missed
the fact that the protocols etc. are open as well, not just various
implementations of servers etc. As I discussed last night, I have
written a server from scratch and I sure didn't make the mistake of
ignoring the session use counter in determining validity.

I can see that someone could "borrow" a yubikey and store a couple of
OTPs from it, then return it. As he points out, those OTPs would be
valid until the user tried to use the key for real after which they
would be useless. Again, two factor authentication is your friend, as
is not losing your "stuff"... It is both an advantage and, as is
pointed out, a disadvantage that the Yubikey OTPs are not time-
stamped...

As to having someone opportunistically reprogram your yubikey on
insertion - this is a real threat at the moment. Locking the
reprogramming with a password would fix it, as long as you don't
"lose" that password...

A simpler solution (from my point of view) is to have the Yubikey do
something unusual when a reprogram attempt is made. For example, when
a reprogram attempt is made (via the USB interface):
  - the Yubikey light goes out,
  - you then have 1 second to press the button,
  - the light comes back on, and
  - you have another second to press it again.
The relatively quick double pressing is not a usual event and the
Yubikey firmware can have increased confidence that you really do
want it reprogrammed...

Most of the article appears to be about deficiencies in the current
implementations of Yubico's server code, not in the Yubikey concept
or in the use of reprogrammed keys (other than having them reprogrammed
again).

Cheers,

Bob Edwards.

ps. I'm tidying up my slides from last night and will put them up
somewhere in the next few hours...
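
The counter check and the lost-key handling discussed in this message, shown as an added example; it is not the server code mentioned in the post. It assumes the OTP has already been AES-decrypted and that it carries a power-up use counter alongside the session use counter; the class, field names and key ID are hypothetical and the sequence of values is constructed.

```python
from dataclasses import dataclass


@dataclass
class KeyState:
    last_seen: tuple = (-1, -1)  # (use_counter, session_counter) of last accepted OTP
    disabled: bool = False       # set when the key is reported lost


class CounterValidator:
    """Replay check applied to fields of an OTP that was already AES-decrypted."""

    def __init__(self):
        self.keys = {}  # public ID -> KeyState

    def enroll(self, public_id):
        self.keys[public_id] = KeyState()

    def disable(self, public_id):
        self.keys[public_id].disabled = True

    def validate(self, public_id, use_counter, session_counter):
        state = self.keys.get(public_id)
        if state is None:
            return "unknown-key"
        if state.disabled:
            return "disabled"
        presented = (use_counter, session_counter)
        # Tuple comparison: a higher use counter wins; within the same
        # use counter the session use counter must strictly increase.
        if presented <= state.last_seen:
            return "replayed"
        state.last_seen = presented
        return "ok"


def borrowed_key_scenario():
    """Constructed sequence: two OTPs are copied, then the owner logs in."""
    v = CounterValidator()
    v.enroll("owner-key")                          # hypothetical public ID
    captured = [(5, 0), (5, 1)]                    # copied while the key was borrowed
    results = [v.validate("owner-key", 6, 0)]      # owner's real login
    results += [v.validate("owner-key", u, s) for u, s in captured]
    results.append(v.validate("owner-key", 6, 1))  # owner again, same session
    results.append(v.validate("owner-key", 6, 1))  # that same OTP presented twice
    v.disable("owner-key")                         # key reported lost
    results.append(v.validate("owner-key", 7, 0))
    return results
```
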


