Yubico Forum

...visit our web-store at store.yubico.com
It is currently Thu Oct 19, 2017 3:24 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 22 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
PostPosted: Fri May 03, 2013 9:24 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
foxzilla wrote:
Just found the app on Google Play. LOVE it! Once it's more fully featured (see below), this'll be replacing my current notes app for sure.

Does the app utilize the actual OTP of the NEO or just the ID? Since it's not using challenge-response and is not online, I'm guessing the latter?

Things I noticed after testing for a few minutes (you probably already have these on your todos, but I'll post them anyway for now..):
- Unticking the "Yubikey Mode" and thus destroying all your notes is way too easy (edit: looks like changing back to Yubikey mode made the notes readable again. Still..)
- Timer lock locks the notes even if the app is being used
- After initially choosing Yubikey Mode, I changed to password mode and then back again: now the timer lock won't activate at all anymore
- Way to use two NEO's with the app in case one is lost


Hi!

Thanks so much for the feedback! Its this kind of input I need to get things working well!

- Unticking the YubiKey mode does not destroy your notes. If you check the box again you can use your Yubikey to decrypt the notes again. The notes are not deleted. :) EDIT: I see now you realized the same thing. But yes, I see your point though and I will give it some thought to figure out a better way to do this.

- Its true that the Timer locks the notes even if the app is being used. I guess its not ideal and I will see if I can make it more user-aware :)

- Odd that the time lock doesnt start if you switched password/yubikey mode. The time lock feature should be completely separated. I will have to try and see if I can reproduce the problem.

- By design, its not possible to use two different yubikeys to decrypt the same notes due to the nature of how the encryption key system works.

And yes, you are correct in that currently, its the Yubikey device ID thats being used for encryption/decryption. This has one advantage and one disadvantage (which is partially mitigated for).

+ Its practical because you dont need to program one of your Yubikey slots in a specific manner to make it work with YubiNotes.
- The Device ID is unique but can be guessed. This is partially mitigated for by the fact that the device id is only one part of the encryption key system. (The other parts use the uniquely generated random device keys).

Hope this answered your questions! Again, thanks for your input! Most valuable!


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sat May 04, 2013 4:55 pm 
Offline

Joined: Thu Mar 15, 2012 6:03 pm
Posts: 32
Quote:
- Odd that the time lock doesnt start if you switched password/yubikey mode. The time lock feature should be completely separated. I will have to try and see if I can reproduce the problem.

This actually started working again later. Don't know what the hiccup was..

Quote:
- By design, its not possible to use two different yubikeys to decrypt the same notes due to the nature of how the encryption key system works.

I can see this being a problem. If the app is ever going to be used to store something at least slightly important, there must be a way to restore the contents in case the Yubikey is lost/destroyed/not working. At least with the current implementation of the static ID, there could be a way to enter it manually and unlock that way (provided the user has written the ID down for safekeeping earlier). Don't know what the backup could be with other modes though..

Quote:
+ Its practical because you dont need to program one of your Yubikey slots in a specific manner to make it work with YubiNotes.

Good point, especially so since the NEO can't use slot 2 with NFC. So could possible modes be:
- mode 1: Yubikey static ID, like it is now
- mode 2 Yubico OTP (has to be online, slower to authenticate)
- mode 3 Challenge-Response (has to have a dedicated NEO)

Does this make sense? Some other option to combine practicability and security?

Quote:
- The Device ID is unique but can be guessed. This is partially mitigated for by the fact that the device id is only one part of the encryption key system. (The other parts use the uniquely generated random device keys).

When you say guessed, do you mean the lenght of the ID which is quite short (=easier to bruteforce)?

How do the random device keys work/protect the memos? As far as I understand, the user or the attacker only has to provide the Yubikey ID and the database will open?

Please bear with me with the crypto questions, I'm a complete noob when it comes to those.. :)


Top
 Profile  
Reply with quote  
PostPosted: Sat May 04, 2013 5:02 pm 
Offline

Joined: Thu Mar 15, 2012 6:03 pm
Posts: 32
(just so there isn't a huge wall of text, I'm separating this to another post)

I see you already updated the timer lock to wait for user input - thanks!

My suggestions for improvement:
- some way to open the memos if the Yubikey is lost
- the "back" button closes the program, rather than goes back - I'm slowly starting to remember this, but still often close the app when I only want to get back to the main menu
- the timer lock doesn't start the countdown after unlocking, but rather after navigating further into memos - this poses the possibility that the database will be left open, especially if it is only opened to change settings
- if I'm on the "All Notes" view with timer lock enabled and timed out ("waiting for user") and the screen times out (=goes off), then once screen is turned on the database has been locked but the app is still open in the "All Notes" view. The notes are shown in encrypted form but can be edited, thus risking destroying them.
- when the timer lock has timed out, using the apps own back button results in closing the app
- if the timer lock times out while in the settings menu, the app closes


Top
 Profile  
Reply with quote  
PostPosted: Sat May 04, 2013 5:08 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
Quote:
I can see this being a problem. If the app is ever going to be used to store something at least slightly important, there must be a way to restore the contents in case the Yubikey is lost/destroyed/not working. At least with the current implementation of the static ID, there could be a way to enter it manually and unlock that way (provided the user has written the ID down for safekeeping earlier). Don't know what the backup could be with other modes though..


I agree, and I am working on figuring out a way to backup the notes. Maybe by exporting them to file and encrypting it with a password? However, think of the lock as one you would find on a door. If you loose your key, you cant unlock the door. But yes, I even know someone who had a YubiKey Neo suddenly go faulty, so this needs to be dealt with somehow. Thanks!

Quote:
Good point, especially so since the NEO can't use slot 2 with NFC. So could possible modes be:
- mode 1: Yubikey static ID, like it is now
- mode 2 Yubico OTP (has to be online, slower to authenticate)
- mode 3 Challenge-Response (has to have a dedicated NEO)

Does this make sense? Some other option to combine practicability and security?


Yep, this makes sense and I am actively working on it :)

Quote:
When you say guessed, do you mean the lenght of the ID which is quite short (=easier to bruteforce)


Its just that the device id's seem to follow a certain pattern, but I dont know for sure.

Quote:
How do the random device keys work/protect the memos? As far as I understand, the user or the attacker only has to provide the Yubikey ID and the database will open?


Think of it like a door with three locks. Your YubiKey is one key, the two randomly and uniquely generated device keys are the two other keys. You need all three to be able to decrypt the notes. This kinda gives you two factor authentication in that you need both your phone and your YubiKey/Password. If someone was to somehow extract the YubiNotes sqlite database, they would have a pretty hard time decrypting the keys, even if the attacker had your YubiKey as well.

Quote:
Please bear with me with the crypto questions, I'm a complete noob when it comes to those.. :)


No worries, happy to help shed some light on the matter :)


Top
 Profile  
Reply with quote  
PostPosted: Sat May 04, 2013 5:11 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
foxzilla wrote:
(just so there isn't a huge wall of text, I'm separating this to another post)

I see you already updated the timer lock to wait for user input - thanks!

My suggestions for improvement:
- some way to open the memos if the Yubikey is lost
- the "back" button closes the program, rather than goes back - I'm slowly starting to remember this, but still often close the app when I only want to get back to the main menu
- the timer lock doesn't start the countdown after unlocking, but rather after navigating further into memos - this poses the possibility that the database will be left open, especially if it is only opened to change settings
- if I'm on the "All Notes" view with timer lock enabled and timed out ("waiting for user") and the screen times out (=goes off), then once screen is turned on the database has been locked but the app is still open in the "All Notes" view. The notes are shown in encrypted form but can be edited, thus risking destroying them.
- when the timer lock has timed out, using the apps own back button results in closing the app
- if the timer lock times out while in the settings menu, the app closes


Great collection of feedback! I will figure out a way to sort it all out! Thanks a lot.

A quick note though, the "back" button does close the program (which is not intended, but kinda happened that way), but you can hit the left most button in the action bar instead to go back. :)

But again, great observations and I appreciate the feedback.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jun 12, 2013 5:34 am 
Offline

Joined: Wed May 09, 2012 9:35 pm
Posts: 45
Hi,

I tried your app, pretty cool. I like the design :-)

I have no idea how difficult this would be but do you think you could sync the notes with google tasks? Of course they would be unreadable on gmail but at least if your phone is lost, your notes can be recovered without loss.

Also, the progressbar that shows when its going to lock is REALLY awesome. Its buggy on my phone but the concept is perfect.

Keep up the good work!

Alex


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 18, 2013 4:56 pm 
Offline

Joined: Tue Jun 18, 2013 4:08 pm
Posts: 3
Thank you ever so for your work on this.

For some reason, Avast thinks that your app is malware. You and I know it isn't, so I've reported a "false positive" to Avast.

Image

Pressing the "Info" button is uninformative.

Image


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 20, 2013 4:08 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
Morphlin wrote:
Hi,

I tried your app, pretty cool. I like the design :-)

I have no idea how difficult this would be but do you think you could sync the notes with google tasks? Of course they would be unreadable on gmail but at least if your phone is lost, your notes can be recovered without loss.

Also, the progressbar that shows when its going to lock is REALLY awesome. Its buggy on my phone but the concept is perfect.

Keep up the good work!

Alex


Thanks for the positive feedback. Ive been a bit busy recently and havent had much time to improve the app, but hopefully Ill find time to get some work done on it soon.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 20, 2013 4:09 pm 
Offline

Joined: Tue Mar 26, 2013 10:43 pm
Posts: 18
kingqueen wrote:
Thank you ever so for your work on this.

For some reason, Avast thinks that your app is malware. You and I know it isn't, so I've reported a "false positive" to Avast.

Image

Pressing the "Info" button is uninformative.

Image


Thanks for the interesting find!

I wonder what the basis for the false positive here could be. The crypto stuff perhaps? At any rate, thanks for reporting it as a false positive.

Dont get me started on how I feel about Android AV though >_<


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 21, 2013 7:01 pm 
Offline

Joined: Tue Jun 18, 2013 4:08 pm
Posts: 3
Untouchab1e wrote:
Dont get me started on how I feel about Android AV though >_<


That's a shame :D I am genuinely interested to know. I always assumed there was little point in Android AV, like in Linux, but wasn't entirely sure - is it all smoke and mirrors and do I not need it?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 22 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group