Yubico Forum

Posted: Tue May 20, 2008 8:05 pm
Q: What do you use for a source of entropy on the device? How cryptographically secure is the PRNG on it? It seems hard to implement a robust PRNG on such a small device. Is the device firmware-upgradable by any means? Or is it hard-coded once it leaves the factory?

A: Yes, there are counters that can wrap if the device is used heavily. One can always argue if these limitations are sound, but we believe it will be more than enough for most users. Our math and our rationale in this matter is as follows:

Use counter is 15 bits and the session counter 1 byte. Briefly, this means that the device can generate 32768 OTPs after power-up, and while powered, 256 OTPs can be generated. The worst case is a user that only generates one OTP at each power-up and the lifetime would then be limited to 32768 OTPs. That may sound like a small number, but assume an average of 10 generated OTPs per day. That means that the device would be okay to use for almost a hundred years... Generating 100 OTPs per day would allow it to be used for about 9 years.

Allowing the 15-bit counter to wrap would open up for a potential replay of previous OTPs. The server could of course keep old OTPs and rely on the RNG to track such attempts. As there is no obvious sign of a wrap, an attacker could not tell if it is meaningful to do a replay. But, we think this should not be necessary to use at all.
Bottom line: We sincerely believe this is not anything that limits the lifetime of the device. Considering such intensive usage, the device would most likely die of wear and tear during that timeframe.

Regarding the random number, it is actually quite good as we have some non-deterministic and stochastic hardware properties on-board. The RNG itself is a 16-bit LFSR and it is fed by a temperature- and chip-dependent oscillator and a high-speed oscillator. The touch key generates a highly unstable, temperature-dependent and chip-dependent (not the same chip as the first one) frequency, which varies wildly with the proximity of the finger.

We're currently using a standard USB chip and are somewhat in the hands of our vendor regarding the physical security of the chip. We are in the process of developing a custom chip, having all hardware protection features on-chip.


Posted: Mon May 26, 2008 5:25 am
Quote:
Use counter is 15 bits

OK, that makes 32767 values, but what happens to the 16th bit?
Is it reserved?
Is it already assigned to something else?

Thanks
Patgadget

_________________
Patgadget
Montreal


Posted: Mon May 26, 2008 10:03 am
Site Admin
The 16th bit is reserved to indicate whether the yubikey was triggered by using the caps-lock or not. Since we have removed this option, we could reclaim the bit but we save this change until we can make a V.2 of the firmware.

/Simon


Posted: Wed May 28, 2008 6:03 pm
Site Admin
Let me clarify that the cryptographic security of the device doesn't depend on the random values being cryptographically secure -- they are just there to add some fuss. Even if they are completely predictable, an attacker should not be able to gain any advantage from this because AES is assumed to be secure against known-plaintext attacks. In other words, known plaintext/ciphertext pairs don't help you find the encryption key faster than exhaustive search.

/Simon
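
Added example, not part of the thread and not Yubico's code: a server-side replay check built on the counters described in the first post and the reserved 16th bit described in the third. The field layout (reserved bit as the top bit of a 16-bit use field, use counter incrementing per power-up, session counter per OTP), the names and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

USE_COUNTER_MASK = 0x7FFF  # 15-bit use counter (first post)
SESSION_MAX = 0xFF         # 1-byte session counter (first post)


@dataclass(frozen=True)
class Counters:
    use: int      # assumed to increment once per power-up
    session: int  # assumed to increment per OTP while powered

    def ordinal(self) -> int:
        # One monotonically increasing value: use counter is the high part.
        return (self.use << 8) | self.session


def parse_counters(use_field: int, session_field: int) -> Counters:
    """Split the decrypted 16-bit use field and 8-bit session field."""
    if not 0 <= use_field <= 0xFFFF or not 0 <= session_field <= SESSION_MAX:
        raise ValueError("counter field out of range")
    # Assumption: the reserved 16th bit is the top bit and must be ignored.
    return Counters(use_field & USE_COUNTER_MASK, session_field)


class ReplayGuard:
    """Stores the highest counters seen per device; rejects anything not newer."""

    def __init__(self) -> None:
        self._last: dict[str, int] = {}

    def check(self, device_id: str, use_field: int, session_field: int) -> str:
        current = parse_counters(use_field, session_field).ordinal()
        if current <= self._last.get(device_id, -1):
            # Covers a replayed OTP and a use counter that wrapped to a low value.
            return "reject"
        self._last[device_id] = current
        return "accept"


def demo() -> list[str]:
    guard = ReplayGuard()
    # Constructed sample values: (use_field, session_field) after decryption.
    samples = [(0x0001, 0), (0x0001, 1), (0x0001, 1),
               (0x8002, 0), (0x7FFF, 255), (0x0000, 0)]
    return [guard.check("dev-1", u, s) for u, s in samples]
```

The check never looks at the random field, which matches the last post: acceptance rests on the counters, so a wrapped counter is treated like any other stale OTP.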

