Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:40 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Mon Oct 26, 2015 11:21 am 
Offline

Joined: Mon Oct 26, 2015 10:56 am
Posts: 3
By default the forum requires a OTP to login, obviously this OTP needs to be registered on the yubico servers and one comes already programmed with new yubikeys, my question is: if one loses the yubikey or for some reason the OTP changes (deleted or overwritten by mistake) would enrolling a new OTP through the personalisation tool be enough to fix the mistake and allow one to continue login in the forum?

Regarding U2F I was wondering if there is any way to revoke one/all credentials? I may have missed it but I don't seen anything about that in the personalisation tool.

Another question is related to the number of U2F credentials one can have programmed, the FAQ says: "you can have an unlimited number of U2F credentials on these YubiKeys that support the U2F protocol" but I feel that unlimited is a very big number.

If I understand correctly the gist of how U2F works, then when enrolling a new credential a public/private key pair is generated, the public part is sent to the website and the private part along with some other information is stored in the secure element. For practical purposes the storage in the secure element might be able to store more credentials than one might ever need but I'm still curious about how many it can store.


Last edited by mauro on Mon Oct 26, 2015 5:01 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Oct 26, 2015 12:36 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
mauro wrote:
If I understand correctly the gist of how U2F works, then when enrolling a new credential a public/private key pair is generated, the public part is sent to the website and the private part along with some other information is stored in the secure element. For practical purposes the storage in the secure element might be able to store more credentials than one might ever need but I'm still curious about how many it can store.


Yubico got clever about keypair generation. The U2F internals create a site's private key from a hash of the appID sent by each site, a locally generated-at-registration random nonce and the unique U2F secret (only one per U2F key). They generate the public key from the private key and return that public key, but also return the nonce and a generated MAC as the keyhandle. The private key is then discarded!

The sites themselves store the public key and nonce (the latter as part of the keyhandle). When transacting, the nonce and MAC are returned to the U2F key (again that's the keyhandle) as is the appID. The private key is then internally re-generated from hash of the appid/nonce (and unique U2F secret) each time.

So the U2F key doesn't store *anything* about each site.

It sounds really backwards, but it works.

See here: https://developers.yubico.com/U2F/Proto ... ation.html

Brendan


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 26, 2015 2:34 pm 
Offline

Joined: Mon Oct 26, 2015 10:56 am
Posts: 3
That clarifies things. It also answers the question of revoking credentials, given that the yubikey does not have storage for U2F credentials, then on the user side it is not possible to revoke/blacklist anything.


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 26, 2015 3:21 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
mauro wrote:
That clarifies things. It also answers the question of revoking credentials, given that the yubikey does not have storage for U2F credentials, then on the user side it is not possible to revoke/blacklist anything.


Hmm.

Can you illustrate a threat model that would require user-side revocation/blacklisting a U2F credential? I would hope that most single-U2f-key server-side implementations would allow for key replacement (effectively revoking the original key) and most multi-u2f-key server-side implementations would allow for server-side revocation of an associated key at the user's request?

B


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 26, 2015 5:01 pm 
Offline

Joined: Mon Oct 26, 2015 10:56 am
Posts: 3
I wasn't thinking of anything in particular, I suppose I should have worded my previous reply better.

Given that the yubikey does not store U2F credentials then there is nothing to manage on the user side, as in if you replaced the key server side then you would delete/revoke the unneeded private key on the yubikey.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group