Yubico Forum

By default the forum requires a OTP to login, obviously this OTP needs to be registered on the yubico servers and one comes already programmed with new yubikeys, my question is: if one loses the yubikey or for some reason the OTP changes (deleted or overwritten by mistake) would enrolling a new OTP through the personalisation tool be enough to fix the mistake and allow one to continue login in the forum?

Regarding U2F I was wondering if there is any way to revoke one/all credentials? I may have missed it but I don't seen anything about that in the personalisation tool.

Another question is related to the number of U2F credentials one can have programmed, the FAQ says: "you can have an unlimited number of U2F credentials on these YubiKeys that support the U2F protocol" but I feel that unlimited is a very big number.

If I understand correctly the gist of how U2F works, then when enrolling a new credential a public/private key pair is generated, the public part is sent to the website and the private part along with some other information is stored in the secure element. For practical purposes the storage in the secure element might be able to store more credentials than one might ever need but I'm still curious about how many it can store.

Yubico got clever about keypair generation. The U2F internals create a site's private key from a hash of the appID sent by each site, a locally generated-at-registration random nonce and the unique U2F secret (only one per U2F key). They generate the public key from the private key and return that public key, but also return the nonce and a generated MAC as the keyhandle. The private key is then discarded!

The sites themselves store the public key and nonce (the latter as part of the keyhandle). When transacting, the nonce and MAC are returned to the U2F key (again that's the keyhandle) as is the appID. The private key is then internally re-generated from hash of the appid/nonce (and unique U2F secret) each time.

So the U2F key doesn't store *anything* about each site.

It sounds really backwards, but it works.

See here: https://developers.yubico.com/U2F/Proto ... ation.html

Brendan

That clarifies things. It also answers the question of revoking credentials, given that the yubikey does not have storage for U2F credentials, then on the user side it is not possible to revoke/blacklist anything.

Hmm.

Can you illustrate a threat model that would require user-side revocation/blacklisting a U2F credential? I would hope that most single-U2f-key server-side implementations would allow for key replacement (effectively revoking the original key) and most multi-u2f-key server-side implementations would allow for server-side revocation of an associated key at the user's request?

B

I wasn't thinking of anything in particular, I suppose I should have worded my previous reply better.

Given that the yubikey does not store U2F credentials then there is nothing to manage on the user side, as in if you replaced the key server side then you would delete/revoke the unneeded private key on the yubikey.