Yubico Forum

Hi!

Thanks so much for the feedback! Its this kind of input I need to get things working well!

- Unticking the YubiKey mode does not destroy your notes. If you check the box again you can use your Yubikey to decrypt the notes again. The notes are not deleted. EDIT: I see now you realized the same thing. But yes, I see your point though and I will give it some thought to figure out a better way to do this.

- Its true that the Timer locks the notes even if the app is being used. I guess its not ideal and I will see if I can make it more user-aware

- Odd that the time lock doesnt start if you switched password/yubikey mode. The time lock feature should be completely separated. I will have to try and see if I can reproduce the problem.

- By design, its not possible to use two different yubikeys to decrypt the same notes due to the nature of how the encryption key system works.

And yes, you are correct in that currently, its the Yubikey device ID thats being used for encryption/decryption. This has one advantage and one disadvantage (which is partially mitigated for).

+ Its practical because you dont need to program one of your Yubikey slots in a specific manner to make it work with YubiNotes.
- The Device ID is unique but can be guessed. This is partially mitigated for by the fact that the device id is only one part of the encryption key system. (The other parts use the uniquely generated random device keys).

Hope this answered your questions! Again, thanks for your input! Most valuable!

This actually started working again later. Don't know what the hiccup was..


I can see this being a problem. If the app is ever going to be used to store something at least slightly important, there must be a way to restore the contents in case the Yubikey is lost/destroyed/not working. At least with the current implementation of the static ID, there could be a way to enter it manually and unlock that way (provided the user has written the ID down for safekeeping earlier). Don't know what the backup could be with other modes though..


Good point, especially so since the NEO can't use slot 2 with NFC. So could possible modes be:
- mode 1: Yubikey static ID, like it is now
- mode 2 Yubico OTP (has to be online, slower to authenticate)
- mode 3 Challenge-Response (has to have a dedicated NEO)

Does this make sense? Some other option to combine practicability and security?


When you say guessed, do you mean the lenght of the ID which is quite short (=easier to bruteforce)?

How do the random device keys work/protect the memos? As far as I understand, the user or the attacker only has to provide the Yubikey ID and the database will open?

Please bear with me with the crypto questions, I'm a complete noob when it comes to those..

(just so there isn't a huge wall of text, I'm separating this to another post)

I see you already updated the timer lock to wait for user input - thanks!

My suggestions for improvement:
- some way to open the memos if the Yubikey is lost
- the "back" button closes the program, rather than goes back - I'm slowly starting to remember this, but still often close the app when I only want to get back to the main menu
- the timer lock doesn't start the countdown after unlocking, but rather after navigating further into memos - this poses the possibility that the database will be left open, especially if it is only opened to change settings
- if I'm on the "All Notes" view with timer lock enabled and timed out ("waiting for user") and the screen times out (=goes off), then once screen is turned on the database has been locked but the app is still open in the "All Notes" view. The notes are shown in encrypted form but can be edited, thus risking destroying them.
- when the timer lock has timed out, using the apps own back button results in closing the app
- if the timer lock times out while in the settings menu, the app closes

I agree, and I am working on figuring out a way to backup the notes. Maybe by exporting them to file and encrypting it with a password? However, think of the lock as one you would find on a door. If you loose your key, you cant unlock the door. But yes, I even know someone who had a YubiKey Neo suddenly go faulty, so this needs to be dealt with somehow. Thanks!



Yep, this makes sense and I am actively working on it



Its just that the device id's seem to follow a certain pattern, but I dont know for sure.



Think of it like a door with three locks. Your YubiKey is one key, the two randomly and uniquely generated device keys are the two other keys. You need all three to be able to decrypt the notes. This kinda gives you two factor authentication in that you need both your phone and your YubiKey/Password. If someone was to somehow extract the YubiNotes sqlite database, they would have a pretty hard time decrypting the keys, even if the attacker had your YubiKey as well.



No worries, happy to help shed some light on the matter

Great collection of feedback! I will figure out a way to sort it all out! Thanks a lot.

A quick note though, the "back" button does close the program (which is not intended, but kinda happened that way), but you can hit the left most button in the action bar instead to go back.

But again, great observations and I appreciate the feedback.

Hi,

I tried your app, pretty cool. I like the design

I have no idea how difficult this would be but do you think you could sync the notes with google tasks? Of course they would be unreadable on gmail but at least if your phone is lost, your notes can be recovered without loss.

Also, the progressbar that shows when its going to lock is REALLY awesome. Its buggy on my phone but the concept is perfect.

Keep up the good work!

Alex

Thank you ever so for your work on this.

For some reason, Avast thinks that your app is malware. You and I know it isn't, so I've reported a "false positive" to Avast.



Pressing the "Info" button is uninformative.

Thanks for the positive feedback. Ive been a bit busy recently and havent had much time to improve the app, but hopefully Ill find time to get some work done on it soon.

Thanks for the interesting find!

I wonder what the basis for the false positive here could be. The crypto stuff perhaps? At any rate, thanks for reporting it as a false positive.

Dont get me started on how I feel about Android AV though >_<

That's a shame I am genuinely interested to know. I always assumed there was little point in Android AV, like in Linux, but wasn't entirely sure - is it all smoke and mirrors and do I not need it?