Yubico Forum

...visit our web-store at store.yubico.com
It is currently Sun Apr 23, 2017 6:47 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Wed Apr 12, 2017 1:21 pm 
Offline

Joined: Wed Apr 12, 2017 1:14 pm
Posts: 1
Really enjoying my new yubikey but I'm trying to understand the PIN/PUK model. A big draw of having a yubikey for me is that (in principle at least), I'm less vulnerable to my machine being compromised, because the cryptographic keys I care about don't reside on it.

After accidentally entering my PIN 3 times incorrectly in gnupg and getting it blocked, I looked a bit more at the blocking procedure and was wondering if I'm still exposed to a different type of attack: a "for the lulz" attack that can't steal any keys from me, but can still cause me massive headaches by spuriously blocking my PINs and PUKs until I'm forced to reset my key. Here's the (hypothetical; I'm not necessarily actually this paranoid) scenario:

1. Attacker breaks into my computer
2. Attacker tries to steal muh keyz
3. Attacker gets frustrated, says "if I can't have them, nobody will"
4. Attacker enters my PIN incorrectly several times, followed by (potentially if it's enabled) my PUK
5. Attacker moves on, leaving me to clean up the mess of having to reset my yubikey and reprovision new keys all over the place

Is this a potential attack or am I missing something that makes it hard? It seems like this would be alleviated if each failed PIN/PUK attempt required me to physically touch the yubikey button to reactivate it, thus preventing all automated attacks that don't have physical access. Is it possible for me to configure my key to require a button press on failed PIN/PUK attempts?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Apr 12, 2017 8:55 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 271
First, to clarify...

GnuPG/OpenPGP doesn't have a PUK, PIV does.

OpenPGP
PIN: 3 retries then locked
Resetting Code: none by default
Admin PIN: 3 retries then locked

PIV
PIN: 3 retries then locked
PUK: 3 retries then locked (device must then be reset)
Management Key: doesn't lock
(may be useful - https://developers.yubico.com/PIV/Intro ... ccess.html)

To your question, no, if someone has physical access to your YubiKey, or if they have control over your computer and the YubiKey is plugged in, the OpenPGP and PIV applets can be locked out / reset, and OATH applet can be reset / credentials deleted.

A feature request for a change to the OpenPGP applet could be submitted on GitHub, if you wish, but I'm not sure the viability of this scenario - https://github.com/Yubico/ykneo-openpgp/issues


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group