Comments on: The Yubikey http://etbe.coker.com.au/2010/03/15/yubikey/ Linux, politics, and other interesting things Wed, 08 Feb 2012 14:45:45 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: etbe http://etbe.coker.com.au/2010/03/15/yubikey/comment-page-1/#comment-24485 etbe Tue, 23 Mar 2010 04:41:27 +0000 http://etbe.coker.com.au/?p=1873#comment-24485 Barak: Good point. I should have said that the principle in question applies for all methods of communication other than some of those which rely on a challenge from the server. Some challenge-response systems won't be safe against such an attack either, if you don't have public key encryption and you have the same algorithm and data set used by all servers then any compromised server should be able to gain credentials for others. The problem is that doing this properly requires more compute power on the client side - which can be a problem for a smart-card or other limited device. Maxim: I've replaced the "spambot" message with one that makes things easier for humans. Barak: Good point.

I should have said that the principle in question applies for all methods of communication other than some of those which rely on a challenge from the server.

Some challenge-response systems won’t be safe against such an attack either, if you don’t have public key encryption and you have the same algorithm and data set used by all servers then any compromised server should be able to gain credentials for others. The problem is that doing this properly requires more compute power on the client side – which can be a problem for a smart-card or other limited device.

Maxim: I’ve replaced the “spambot” message with one that makes things easier for humans.

]]> By: Barak A. Pearlmutter http://etbe.coker.com.au/2010/03/15/yubikey/comment-page-1/#comment-24482 Barak A. Pearlmutter Mon, 22 Mar 2010 10:46:44 +0000 http://etbe.coker.com.au/?p=1873#comment-24482 etbe: "If you have server A and server B accepting the same login credentials then if you login to server A which has been compromised then that server could instead of authenticating you use the credentials you supplied to login to server B. This applies for all methods of authentication." That is not true. For instance, challenge/response authentication, where the challenge starts with the name of the server, would not be vulnerable to this. etbe: “If you have server A and server B accepting the same login credentials then if you login to server A which has been compromised then that server could instead of authenticating you use the credentials you supplied to login to server B. This applies for all methods of authentication.” That is not true. For instance, challenge/response authentication, where the challenge starts with the name of the server, would not be vulnerable to this.

]]> By: etbe http://etbe.coker.com.au/2010/03/15/yubikey/comment-page-1/#comment-24466 etbe Thu, 18 Mar 2010 21:10:49 +0000 http://etbe.coker.com.au/?p=1873#comment-24466 Michael: You can do equivalent OTP calculations on a laptop or PDA but it takes more typing and requires more things to carry around. Barak: It's not a OTP. If you have server A and server B accepting the same login credentials then if you login to server A which has been compromised then that server could instead of authenticating you use the credentials you supplied to login to server B. This applies for all methods of authentication. If server A authenticates you and if the authentication server has not been compromised then server B will not accept a login with the same code from the Yubikey. Sure everything the Yubikey does could be done with some software and a USB storage device. The point of the Yubikey is that it's small enough and compatible enough that you can carry it everywhere. Maxim: If you are accused of being a "spambot" then you missed the arithmetic question. I don't like the way it handles errors in that regard and plan to change it. Michael: You can do equivalent OTP calculations on a laptop or PDA but it takes more typing and requires more things to carry around.

Barak: It’s not a OTP. If you have server A and server B accepting the same login credentials then if you login to server A which has been compromised then that server could instead of authenticating you use the credentials you supplied to login to server B. This applies for all methods of authentication. If server A authenticates you and if the authentication server has not been compromised then server B will not accept a login with the same code from the Yubikey.

Sure everything the Yubikey does could be done with some software and a USB storage device. The point of the Yubikey is that it’s small enough and compatible enough that you can carry it everywhere.

Maxim: If you are accused of being a “spambot” then you missed the arithmetic question. I don’t like the way it handles errors in that regard and plan to change it.

]]> By: Maxim http://etbe.coker.com.au/2010/03/15/yubikey/comment-page-1/#comment-24451 Maxim Thu, 18 Mar 2010 11:26:43 +0000 http://etbe.coker.com.au/?p=1873#comment-24451 etbe: You're welcome :) I was asking because I am the maintainer for some of these packages for Fedora, and I know for sure we have pam_yubico, as well as ykpers and libyubikey in Fedora. I'm considering packaging YubiPAM, but I lack time and development seems a bit slow on it. Oh, I'm having a hard time with your spam stuff. OpenID refuses to work and keeps calling me a spambot :) Barak: pam_usb does that, sort of. That project has pretty slow development though. I even think pam_usb got dropped from Fedora for it. The limitation of such a setup would be though, that it would not work - or at least: not easily - over a network. Yubikeys are designed to work over the network. Mitm attacks are an issue for a lot of other network authentication mechanisms too. I a bit short on time, but I invite you to read a bit in the docs on the Yubico website. It's not as simple as you make it sound. etbe: You’re welcome :) I was asking because I am the maintainer for some of these packages for Fedora, and I know for sure we have pam_yubico, as well as ykpers and libyubikey in Fedora. I’m considering packaging YubiPAM, but I lack time and development seems a bit slow on it. Oh, I’m having a hard time with your spam stuff. OpenID refuses to work and keeps calling me a spambot :)

Barak: pam_usb does that, sort of. That project has pretty slow development though. I even think pam_usb got dropped from Fedora for it. The limitation of such a setup would be though, that it would not work – or at least: not easily – over a network. Yubikeys are designed to work over the network. Mitm attacks are an issue for a lot of other network authentication mechanisms too. I a bit short on time, but I invite you to read a bit in the docs on the Yubico website. It’s not as simple as you make it sound.

]]> By: Barak A. Pearlmutter http://etbe.coker.com.au/2010/03/15/yubikey/comment-page-1/#comment-24449 Barak A. Pearlmutter Thu, 18 Mar 2010 10:55:27 +0000 http://etbe.coker.com.au/?p=1873#comment-24449 So basically this gizmo is a (pseudorandom) one-time pad, and other mechanisms need to be used to ensure that reuse is detected and rejected. This requires coordination between servers if a single device is to be used with multiple servers. One compromised server could do a man-in-the-middle attack on login to another server. Or, a man-in-the-middle attack during login to one server, which kills the connection before that server actually sees the string or bumps the centralized count, could be used by the attacker to either log in to that server later or even to another server. This sounds a bit vulnerable to me. (Obviously two-factor authentication, e.g., an additional per-server password, would make such attacks trickier, although perhaps not impossible. Additional passwords, however, also make the device itself of much less utility, since the password alone provides reasonable security.) Also, from a practical perspective, couldn't similar functionality be provided by a USB storage dongle holding some secret information (long one-time pad) together with some program to trickle it out on demand in the right way? So basically this gizmo is a (pseudorandom) one-time pad, and other mechanisms need to be used to ensure that reuse is detected and rejected. This requires coordination between servers if a single device is to be used with multiple servers. One compromised server could do a man-in-the-middle attack on login to another server. Or, a man-in-the-middle attack during login to one server, which kills the connection before that server actually sees the string or bumps the centralized count, could be used by the attacker to either log in to that server later or even to another server.

This sounds a bit vulnerable to me.

(Obviously two-factor authentication, e.g., an additional per-server password, would make such attacks trickier, although perhaps not impossible. Additional passwords, however, also make the device itself of much less utility, since the password alone provides reasonable security.)

Also, from a practical perspective, couldn’t similar functionality be provided by a USB storage dongle holding some secret information (long one-time pad) together with some program to trickle it out on demand in the right way?

]]> By: Michael Fox http://etbe.coker.com.au/2010/03/15/yubikey/comment-page-1/#comment-24428 Michael Fox Tue, 16 Mar 2010 09:28:35 +0000 http://etbe.coker.com.au/?p=1873#comment-24428 My work recently rolled these out, however I am yet to actually test it. I will get around to it, just happy using the one time password setup we have via a bastion type linux host. It works and does what I want. The newer solution was implemented to help those less technical get VPN type access into the corporate environment. My work recently rolled these out, however I am yet to actually test it. I will get around to it, just happy using the one time password setup we have via a bastion type linux host. It works and does what I want. The newer solution was implemented to help those less technical get VPN type access into the corporate environment.

]]>