The sort of attack used with Gemalto involves symmetric keys, that is, the same key stored in the SIM card as is "securely" shipped to the telcom provider. Once that key is stolen by an attacker, such as TEG, game over.
That kind of attack could be similarly performed against other providers of stored-symmetric keys, such as Yubicloud keys, etc.
Unlike SIM cards, however, Yubikey secret keys (other than applet programming/signing keys, which we'll skip discussing here) are fully replaceable by the customer, including the yubicloud secret. So, if you're worried that the yubicloud secret in your device has been stolen *in the past*: unlink your yubikey from LastPass, use the Yubikey Personalization Tool to install a new key, then upload that to the yubicloud servers. Granted, that assumes that they won't be compromised in the future...
So, that's always the caveat for purely symmetric encryption-based security: in applications/algorithms where symmetric keys are used (SIMs, yubicloud, Google/Yubico Authenticator/HOTP/TOTP/HMAC-SHA1, etc.) one has to ensure and/or trust that *both* parties are able to protect the shared secret key. And there's also the key distribution/transport issue.
For applications/algorithms where ASYMMETRIC keys are used (PGP, TLS, ECC, RSA, DH) one only has to ensure and/or trust that each party can protect their own private key. When properly implemented, this avoids key distribution/transport exposures and is safer for certain security requirements (where supported), as it allows endpoint generation of ephemeral keys for each transaction vs. a never changing shared key. Plus a single private key can be used for multi-party communications.
Neo-type Yubikeys are based on the NXP A700 secure crypto-processor (series) chips. They include a real RNG and support for a plethora of applications/algorithms. Assuming the hardware hasn't been compromised, this is where I'd want to generate and/or store asymmetric keys.
I'm not sure of the tech in the classic and/or U2F-only Yubikeys, but, other than the U2F support part, they don't offer asymmetric encryption.
All that being said: for LastPass I wouldn't worry too much about bulk theft of Yubico's Yubicloud shared secrets. I'd worry more about an attack on the LastPass infrastructure. LastPass isn't using the stored secret on the Yubikey/Yubicloud to encrypt/decrypt the LastPass database. It's querying Yubicloud with the OTP to grant permission to send the standard-password-encrypted password database to the endpoint from the LastPass cloud. Note: there might also be an additional layer of encryption on the database that uses the non-changing portion of the yubikey OTP, but that part of the OTP isn't really a secret. If so, the database is simply encrypted with two static passwords. The yubikey supplies permission to send the encrypted database, not much more.
Also, I expect the LastPass infrastructure to be less secure than the Yubico infrastructure.
Brendan
PS - LastPass is convenient and good protection against criminals and busybodies. I don't think it's appropriate for warding off state-sponsored attacks, at least not from intelligence agencies. On that note, I'd worry more (but only a little) about state-level attacks against NXP's hardware such as making the RNG or PRNG fed by the RNG more predictable. Or, worry about the general problems of shared-secret protection at the endpoints you use the yubikey to protect communications of. If you're highly targeted by the NSA, well, you need significantly higher OpSec - none of your secrets should be connected to the internet, ever. And even then, air-gaps won't always save you.
Login
FAQ
Search
