Yubico Forum
https://forum.yubico.com/

Vulnerabilities recently disclosed?
https://forum.yubico.com/viewtopic.php?f=16&t=1751
Page 1 of 1

Author:  rojer [ Sat Feb 21, 2015 1:56 am ]
Post subject:  Vulnerabilities recently disclosed?

First - This site has had me pass my YubiKey w/o HTTPS - three times now.
Second - and the real reason for the question - Are my two keys compromised?

Two factor authentication isn't very valuable if the encryption has been compromised.

I am a customer who uses YubiKey with LastPass.
But if it was manufactured with a compromised key - my data is no longer secure.

I ask because of the recent disclosures:
https://firstlook.org/theintercept/2015 ... sim-heist/

"THE BREACH OF Gemalto’s computer network by GCHQ has far-reaching global implications. The company, which brought in $2.7 billion in revenue in 2013, is a global leader in digital security, producing banking cards, mobile payment systems, two-factor authentication devices used for online security, hardware tokens used for securing buildings and offices, electronic passports and identification cards. "

Author:  brendanhoar [ Sat Feb 21, 2015 8:11 pm ]
Post subject:  Re: Vulnerabilities recently disclosed?

The sort of attack used with Gemalto involves symmetric keys, that is, the same key stored in the SIM card as is "securely" shipped to the telcom provider. Once that key is stolen by an attacker, such as TEG, game over.

That kind of attack could be similarly performed against other providers of stored-symmetric keys, such as Yubicloud keys, etc.

Unlike SIM cards, however, Yubikey secret keys (other than applet programming/signing keys, which we'll skip discussing here) are fully replaceable by the customer, including the yubicloud secret. So, if you're worried that the yubicloud secret in your device has been stolen *in the past*: unlink your yubikey from LastPass, use the Yubikey Personalization Tool to install a new key, then upload that to the yubicloud servers. Granted, that assumes that they won't be compromised in the future... :)

So, that's always the caveat for purely symmetric encryption-based security: in applications/algorithms where symmetric keys are used (SIMs, yubicloud, Google/Yubico Authenticator/HOTP/TOTP/HMAC-SHA1, etc.) one has to ensure and/or trust that *both* parties are able to protect the shared secret key. And there's also the key distribution/transport issue.

For applications/algorithms where ASYMMETRIC keys are used (PGP, TLS, ECC, RSA, DH) one only has to ensure and/or trust that each party can protect their own private key. When properly implemented, this avoids key distribution/transport exposures and is safer for certain security requirements (where supported), as it allows endpoint generation of ephemeral keys for each transaction vs. a never changing shared key. Plus a single private key can be used for multi-party communications.

Neo-type Yubikeys are based on the NXP A700 secure crypto-processor (series) chips. They include a real RNG and support for a plethora of applications/algorithms. Assuming the hardware hasn't been compromised, this is where I'd want to generate and/or store asymmetric keys.

I'm not sure of the tech in the classic and/or U2F-only Yubikeys, but, other than the U2F support part, they don't offer asymmetric encryption.

All that being said: for LastPass I wouldn't worry too much about bulk theft of Yubico's Yubicloud shared secrets. I'd worry more about an attack on the LastPass infrastructure. LastPass isn't using the stored secret on the Yubikey/Yubicloud to encrypt/decrypt the LastPass database. It's querying Yubicloud with the OTP to grant permission to send the standard-password-encrypted password database to the endpoint from the LastPass cloud. Note: there might also be an additional layer of encryption on the database that uses the non-changing portion of the yubikey OTP, but that part of the OTP isn't really a secret. If so, the database is simply encrypted with two static passwords. The yubikey supplies permission to send the encrypted database, not much more.

Also, I expect the LastPass infrastructure to be less secure than the Yubico infrastructure.

Brendan

PS - LastPass is convenient and good protection against criminals and busybodies. I don't think it's appropriate for warding off state-sponsored attacks, at least not from intelligence agencies. On that note, I'd worry more (but only a little) about state-level attacks against NXP's hardware such as making the RNG or PRNG fed by the RNG more predictable. Or, worry about the general problems of shared-secret protection at the endpoints you use the yubikey to protect communications of. If you're highly targeted by the NSA, well, you need significantly higher OpSec - none of your secrets should be connected to the internet, ever. And even then, air-gaps won't always save you.

Author:  brendanhoar [ Mon Feb 23, 2015 2:47 pm ]
Post subject:  Re: Vulnerabilities recently disclosed?

Here's a nice discussion about why SIMs aren't as secure as they could have been...

https://nakedsecurity.sophos.com/2015/0 ... n-avoided/

B

Author:  Tom2 [ Mon Feb 23, 2015 2:56 pm ]
Post subject:  Re: Vulnerabilities recently disclosed?

Hello,

My _personal_ thoughts is that the Yubico OTP is not involved at all in the DB encryption of your password database for LastPass.

If that would be the case i fail to see a secure way of doing it. Using the public_id of the Yubikey would not be a good, secure approach.

Moreover, LastPass offers you methods to recover your passwords if you lost your Yubikey. This clearly shows that the Yubikey is only used only to validate the access to your account, but not for encryption/decryption the database.

Author:  rojer [ Sun Mar 01, 2015 1:48 am ]
Post subject:  Re: Vulnerabilities recently disclosed?

Well - thanks for the replies.

I'm not so sure they illuminate the problem as well as I'd like.
I'm a reasonably well educated technician, but that technical explanation was a bit difficult to digest.
I didn't really want to have to research what half of the answer was saying in layman's terms.

What I think I get out of this is that Yubico simply confirms that the inserted key is a valid response.
That this being a second form of authority identifies my username and my password are verified users of a YubiKey, and not much more.

I did not think that the key itself provided any form of encryption for my communication, but I still don't believe passing its contents in any situation via plain text is a wise idea.

LastPass gave me a nearly canned response and as such - no one has answered my question in plain English to my satisifaction.
But it boils down to this - the worst criminals are getting paid via my tax dollars and there isn't much I can do about their illicit, immoral, anti-American behavior.
It's easier to say what has not been compromised - which is the space between my ears and behind my eyes.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/