Yubico Forum

Posted: Sat Feb 21, 2015 1:56 am

Joined: Sat Feb 21, 2015 1:47 am
Posts: 2
First - This site has had me pass my YubiKey w/o HTTPS - three times now.
Second - and the real reason for the question - Are my two keys compromised?

Two factor authentication isn't very valuable if the encryption has been compromised.

I am a customer who uses YubiKey with LastPass.
But if it was manufactured with a compromised key - my data is no longer secure.

I ask because of the recent disclosures:
https://firstlook.org/theintercept/2015 ... sim-heist/

"THE BREACH OF Gemalto’s computer network by GCHQ has far-reaching global implications. The company, which brought in $2.7 billion in revenue in 2013, is a global leader in digital security, producing banking cards, mobile payment systems, two-factor authentication devices used for online security, hardware tokens used for securing buildings and offices, electronic passports and identification cards. "


Posted: Sat Feb 21, 2015 8:11 pm

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
The sort of attack used with Gemalto involves symmetric keys, that is, the same key stored in the SIM card as is "securely" shipped to the telecom provider. Once that key is stolen by an attacker, such as TEG, game over.

That kind of attack could be similarly performed against other providers of stored-symmetric keys, such as Yubicloud keys, etc.

Unlike SIM cards, however, Yubikey secret keys (other than applet programming/signing keys, which we'll skip discussing here) are fully replaceable by the customer, including the yubicloud secret. So, if you're worried that the yubicloud secret in your device has been stolen *in the past*: unlink your yubikey from LastPass, use the Yubikey Personalization Tool to install a new key, then upload that to the yubicloud servers. Granted, that assumes that they won't be compromised in the future... :)

So, that's always the caveat for purely symmetric encryption-based security: in applications/algorithms where symmetric keys are used (SIMs, yubicloud, Google/Yubico Authenticator/HOTP/TOTP/HMAC-SHA1, etc.) one has to ensure and/or trust that *both* parties are able to protect the shared secret key. And there's also the key distribution/transport issue.

For applications/algorithms where ASYMMETRIC keys are used (PGP, TLS, ECC, RSA, DH) one only has to ensure and/or trust that each party can protect their own private key. When properly implemented, this avoids key distribution/transport exposures and is safer for certain security requirements (where supported), as it allows endpoint generation of ephemeral keys for each transaction vs. a never changing shared key. Plus a single private key can be used for multi-party communications.

Neo-type Yubikeys are based on the NXP A700 secure crypto-processor (series) chips. They include a real RNG and support for a plethora of applications/algorithms. Assuming the hardware hasn't been compromised, this is where I'd want to generate and/or store asymmetric keys.

I'm not sure of the tech in the classic and/or U2F-only Yubikeys, but, other than the U2F support part, they don't offer asymmetric encryption.

All that being said: for LastPass I wouldn't worry too much about bulk theft of Yubico's Yubicloud shared secrets. I'd worry more about an attack on the LastPass infrastructure. LastPass isn't using the stored secret on the Yubikey/Yubicloud to encrypt/decrypt the LastPass database. It's querying Yubicloud with the OTP to grant permission to send the standard-password-encrypted password database to the endpoint from the LastPass cloud. Note: there might also be an additional layer of encryption on the database that uses the non-changing portion of the yubikey OTP, but that part of the OTP isn't really a secret. If so, the database is simply encrypted with two static passwords. The yubikey supplies permission to send the encrypted database, not much more.

Also, I expect the LastPass infrastructure to be less secure than the Yubico infrastructure.

Brendan

PS - LastPass is convenient and good protection against criminals and busybodies. I don't think it's appropriate for warding off state-sponsored attacks, at least not from intelligence agencies. On that note, I'd worry more (but only a little) about state-level attacks against NXP's hardware such as making the RNG or PRNG fed by the RNG more predictable. Or, worry about the general problems of shared-secret protection at the endpoints you use the yubikey to protect communications of. If you're highly targeted by the NSA, well, you need significantly higher OpSec - none of your secrets should be connected to the internet, ever. And even then, air-gaps won't always save you.


Posted: Mon Feb 23, 2015 2:47 pm

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
Here's a nice discussion about why SIMs aren't as secure as they could have been...

https://nakedsecurity.sophos.com/2015/0 ... n-avoided/

B


Posted: Mon Feb 23, 2015 2:56 pm
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
Hello,

My _personal_ thought is that the Yubico OTP is not involved at all in the DB encryption of your password database for LastPass.

If that would be the case I fail to see a secure way of doing it. Using the public_id of the Yubikey would not be a good, secure approach.

Moreover, LastPass offers you methods to recover your passwords if you lost your Yubikey. This clearly shows that the Yubikey is used only to validate the access to your account, but not for encrypting/decrypting the database.


Posted: Sun Mar 01, 2015 1:48 am

Joined: Sat Feb 21, 2015 1:47 am
Posts: 2
Well - thanks for the replies.

I'm not so sure they illuminate the problem as well as I'd like.
I'm a reasonably well educated technician, but that technical explanation was a bit difficult to digest.
I didn't really want to have to research what half of the answer was saying in layman's terms.

What I think I get out of this is that Yubico simply confirms that the inserted key is a valid response.
That this being a second form of authority identifies my username and my password are verified users of a YubiKey, and not much more.

I did not think that the key itself provided any form of encryption for my communication, but I still don't believe passing its contents in any situation via plain text is a wise idea.

LastPass gave me a nearly canned response and as such - no one has answered my question in plain English to my satisfaction.
But it boils down to this - the worst criminals are getting paid via my tax dollars and there isn't much I can do about their illicit, immoral, anti-American behavior.
It's easier to say what has not been compromised - which is the space between my ears and behind my eyes.

