Yubico Forum https://forum.yubico.com/
[QUESTION] Can Yubikey4 do SHA2 instead of SHA1 for challeng https://forum.yubico.com/viewtopic.php?f=35&t=2348
Author: cruxic [ Thu Jun 16, 2016 9:04 pm ]
Post subject: [QUESTION] Can Yubikey4 do SHA2 instead of SHA1 for challeng

Hello, can the Yubikey 4 do SHA2 instead of SHA1 for the HMAC challenge/response? SHA1 is considered insecure nowadays. Thanks!

EDIT: subject updated to include [QUESTION] tag.
Author: dain [ Mon Jun 20, 2016 6:41 pm ]
Post subject: Re: [QUESTION] Can Yubikey4 do SHA2 instead of SHA1 for chal

The attacks on SHA1 have to do with collision resistance. This means that any system relying on collision resistance should no longer be using SHA1. Digital signature schemes typically use a hash function to get a fixed-length value to sign, and that relies very much on collision resistance for security (as the Ars article points out).

However, the challenge-response mechanism in the YubiKey uses HMAC-SHA1. HMAC does NOT rely on collision resistance (this has actually been formally proven), and is thus not affected by this problem at all. HMAC-SHA1 is still considered secure.

The slot-based challenge-response credentials use HMAC-SHA1, and we have no plans on changing this. However, the OATH applet available on the YubiKey NEO as well as YubiKey 4 provides HMAC-SHA256 in addition to HMAC-SHA1 (the YubiKey 4 even supports HMAC-SHA512 as well), but this applet needs to be invoked in a different way compared to the standard slots. For more information on that, go here: https://developers.yubico.com/ykneo-oath/Protocol.html
Author: cruxic [ Wed Jun 22, 2016 11:50 pm ]
Post subject: Re: [QUESTION] Can Yubikey4 do SHA2 instead of SHA1 for chal

Thanks for the reply, dain. Your argument that HMAC-SHA1 is still secure makes sense and I am comfortable with that. Can the Yubikey 4 really do plain HMAC-SHA256? It seems that ykneo-oath would insist on including an incrementing counter in the hash.

If you're curious, I'm exploring the use of deterministic password generation for website logins: HMAC(domain-name, seed-stored-in-yubikey).
Author: dain [ Wed Jun 29, 2016 3:18 am ]
Post subject: Re: [QUESTION] Can Yubikey4 do SHA2 instead of SHA1 for chal

Yes, you can do this with the YubiKey 4 or NEO. You have to store the key as a TOTP credential, which does not have a counter. Instead, TOTP uses the current time as the challenge, which is passed to the YubiKey from the host PC. To do "plain" HMAC-SHA256 you would use the CALCULATE command, pass in your challenge, and specify that you want the full (non-truncated) response.
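The following is an added example, not code from the thread or from Yubico, that models the host-side logic dain describes in the two replies above: a TOTP-style credential has no on-token counter, the host supplies the challenge (the RFC 6238 time-step counter for normal TOTP, or an arbitrary byte string such as a domain name), and CALCULATE returns either the OATH-truncated decimal code or the full HMAC. The SoftOathApplet class is a pure-software stand-in for the OATH applet so the example runs offline; it does not implement the APDU protocol from the linked document, and the real token keeps the seed inside the secure element, which is the whole point of cruxic's design. All seeds and domain names are constructed sample values (the RFC 4226 and RFC 6238 test-vector secrets are used so the truncation can be checked against published values).

```python
"""Host-side model of OATH CALCULATE: truncated TOTP codes vs. the full HMAC response.

Added example, not Yubico's code. ``SoftOathApplet`` is a software stand-in for
the OATH applet on the YubiKey NEO / YubiKey 4; the real applet is driven over
APDUs (see the ykneo-oath protocol document) and never releases the seed.
"""
import base64
import hashlib
import hmac
import struct

RFC4226_SEED = b"12345678901234567890"                    # RFC 4226 test-vector secret (20 bytes)
RFC6238_SHA256_SEED = b"12345678901234567890123456789012"  # RFC 6238 SHA-256 test-vector secret
CONSTRUCTED_SEED = bytes(range(32))                       # constructed seed, not a real credential


class SoftOathApplet:
    """Software stand-in for the OATH applet: stores named credentials, answers CALCULATE."""

    def __init__(self):
        self._creds = {}  # name -> (hash constructor, secret, digits)

    def put(self, name, secret, algo="sha1", digits=6):
        """Store a TOTP-style credential: no counter is kept on the 'token'."""
        self._creds[name] = (getattr(hashlib, algo), secret, digits)

    def calculate(self, name, challenge, truncated=True):
        """CALCULATE: HMAC(secret, challenge) over the host-supplied challenge.

        truncated=True  -> OATH dynamic truncation (RFC 4226 section 5.3), a decimal code
        truncated=False -> the full MAC (20 bytes for SHA-1, 32 for SHA-256)
        """
        algo, secret, digits = self._creds[name]
        mac = hmac.new(secret, challenge, algo).digest()
        if not truncated:
            return mac
        # Dynamic truncation: low nibble of the last byte picks a 4-byte window,
        # top bit is masked off, then reduced modulo 10**digits.
        offset = mac[-1] & 0x0F
        code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        return str(code % 10 ** digits).zfill(digits)


def totp_challenge(unix_time, step=30):
    """RFC 6238: the host sends the time-step counter as an 8-byte big-endian integer."""
    return struct.pack(">Q", int(unix_time) // step)


def totp_code(applet, name, unix_time):
    """Normal TOTP use: time-derived challenge, truncated response."""
    return applet.calculate(name, totp_challenge(unix_time), truncated=True)


def site_password(applet, name, domain, length=20):
    """cruxic's scheme: challenge = domain name, full HMAC response, encoded as a password."""
    mac = applet.calculate(name, domain.encode("utf-8"), truncated=False)
    return base64.b64encode(mac).decode("ascii")[:length]


def demo():
    """Run the three flows and return the results so they can be checked."""
    applet = SoftOathApplet()
    applet.put("hotp-demo", RFC4226_SEED, "sha1")
    applet.put("totp-sha256", RFC6238_SHA256_SEED, "sha256", digits=8)
    applet.put("pwgen", CONSTRUCTED_SEED, "sha256")
    return {
        # RFC 4226 Appendix D, counter 0 -> "755224"
        "hotp_counter0": applet.calculate("hotp-demo", struct.pack(">Q", 0)),
        # RFC 6238 Appendix B, T=59, SHA-256 -> "46119246"
        "totp_t59": totp_code(applet, "totp-sha256", 59),
        "sha1_full_len": len(applet.calculate("hotp-demo", b"x", truncated=False)),
        "sha256_full_len": len(applet.calculate("pwgen", b"x", truncated=False)),
        "pw_example": site_password(applet, "pwgen", "example.com"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The design point to take from this: the truncated 6- or 8-digit code throws away most of the MAC, which is fine for a one-time password but useless as password-derivation material, so the "full (non-truncated) response" flag is what makes the credential behave like plain HMAC-SHA256. Because the challenge is chosen entirely by the host, the same credential can serve both flows; the token does not care whether the 8 bytes are a time counter or the first bytes of a domain name.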