Yubikeys are now supported

2010-10-07 Thread Mike McGrath

The Fedora Infrastructure team is happy to announce support for the
hardware key authentication device, the yubikey.  Users will be able to
use their own yubikeys to access some Fedora services, like
fedorapeople.org or some web services.

Why have we done this?  The main purpose was to provide multi-factor
authentication to our high security systems.  Requiring both a
username/password and yubikey otp to access our most sensitive hosts
provides an additional layer of security than just username/password
alone.  Contributors requiring access to these hosts will be provided with
a yubikey.  These hosts would include, for example, the signing servers.

We also decided to allow yubikeys as an authentication option for the
larger community to some hosts and services like fedorapeople.org or
https://admin.fedoraproject.org/community/.  When asked for a password,
just use your yubikey to generate an otp instead.  Those wishing to use one
may purchase a yubikey on their own at:

http://yubico.com/products/yubikey/

For more information on how to program your yubikey see our yubikey
howto on the wiki:

http://fedoraproject.org/wiki/Infrastruture/Yubikey

Implementation work continues to be discussed and put in place but please
direct any questions or comments to #fedora-admin on irc.freenode.net or
the Infrastructure mailing list -
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

-Mike
___
devel-announce mailing list
devel-annou...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel


Re: Yubikeys are now supported

2010-10-07 Thread Bruno Wolff III
On Thu, Oct 07, 2010 at 12:04:49 -0500,
  Mike McGrath  wrote:
> 
> We also decided to allow yubikeys as an authentication option for the
> larger community to some hosts and services like fedorapeople.org or
> https://admin.fedoraproject.org/community/.  When asked for a password,
> just use your yubikey to generate a otp instead.  Those wishing to use one
> may purchase a yubikey on their own at:

While I won't make this Fudcon, I am wondering if it might be worth getting
some idea of what interest there would be for people wanting those and
getting a bulk discount and having people pay for them at a Fudcon.
It looked like even 10 got you a decent discount.


Re: Yubikeys are now supported

2010-10-07 Thread Mike McGrath
On Thu, 7 Oct 2010, Bruno Wolff III wrote:

> On Thu, Oct 07, 2010 at 12:04:49 -0500,
>   Mike McGrath  wrote:
> >
> > We also decided to allow yubikeys as an authentication option for the
> > larger community to some hosts and services like fedorapeople.org or
> > https://admin.fedoraproject.org/community/.  When asked for a password,
> > just use your yubikey to generate a otp instead.  Those wishing to use one
> > may purchase a yubikey on their own at:
>
> While I won't make this Fudcon, I am wondering if it might be worth getting
> some idea of what interest there would be for people wanting those and
> getting a bulk discount and having people pay for them at a Fudcon.
> It looked like even 10 got you a decent discount.
>

I do happen to know there's a 40% discount for people via this site:

http://forum.wegotserved.com/index.php/topic/9310-discount-on-yubikey-via-securitynow-podcast/

I suspect it'd be worth it to see if we could get one for Fedora.

-Mike


Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Mike McGrath wrote:

>>> We also decided to allow yubikeys as an authentication option for the
>>> larger community to some hosts and services like fedorapeople.org or
>>> https://admin.fedoraproject.org/community/.  When asked for a password,
>>> just use your yubikey to generate a otp instead.  Those wishing to use one
>>> may purchase a yubikey on their own at:

> I suspect it'd be worth it to see if we could get one for Fedora.

I have one and I've played with it in fedora. There is however an important
catch. The server and the yubikey share the same AES symmetric key. This means
that if the yubikey is used for multiple sites by one user, that user is sharing
his "private key" over various external sites.

So if fedoraproject would accept it, and the same user uses this yubikey for
another site, and that other site gets hacked, then fedoraproject could be
hacked as well.

I guess in a way it is like using the same password, but people might not be
thinking of that when they have a "device" on them that they use.

Paul


Re: Yubikeys are now supported

2010-10-07 Thread Matthew Miller
On Thu, Oct 07, 2010 at 12:04:49PM -0500, Mike McGrath wrote:
> Implementation work continues to be discussed and put in please but please
> direct any questions or comments to #fedora-admin on irc.freenode.net or
> the Infrastructure mailing list -


Hello, synchronicity! I was just looking at this for a work project, and my
test Yubikeys arrived today. 

I'm a little disturbed by the pam module in Fedora Rawhide, though -- it
seems to segfault on success, which is non-ideal behavior for a security
module.

-- 
Matthew Miller 
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences


Re: Yubikeys are now supported

2010-10-07 Thread Camilo Mesias
I'm not a security expert but I understood that the usual way to use
these keys was to have one server that the key authenticates with, and
further sites would be accessible through openID or similar - so the
authentication is always with one server.

Using the same device with multiple servers is possible but increases
the possibility of OTP being replayed - since one server is not aware
that the other has consumed the OTP.

Also my Yubikey can store more than one set of 'secrets' so it's
really two keys in one. I have one that authenticates against the
'official' server and the secondary key is used with a private server.
Worth considering if you want to use the same physical device over
multiple servers.

I hope some technical details will be published about the Fedora use
of Yubikeys sometime soon.

-Cam

On Thu, Oct 7, 2010 at 10:51 PM, Paul Wouters  wrote:
> On Thu, 7 Oct 2010, Mike McGrath wrote:
>
> >>> We also decided to allow yubikeys as an authentication option for the
> >>> larger community to some hosts and services like fedorapeople.org or
> >>> https://admin.fedoraproject.org/community/.  When asked for a password,
> >>> just use your yubikey to generate a otp instead.  Those wishing to use one
> >>> may purchase a yubikey on their own at:
>
>> I suspect it'd be worth it to see if we could get one for Fedora.
>
> I have one and I've played with it in fedora. There is however an important
> catch. The server and the yubikey share the same AES symmetric key. This means
> that if the yubikey is used for multiple sites by one user, that user is 
> sharing
> is his "private key" over various external sites.
>
> So if fedoraproject would accept it, and the same user uses this yubikey for
> another site, and that other site gets hacked, then fedoraproject could be
> hacked as well.
>
> I guess in a way it is like using the same password, but people might not be
> thinking of that when they have a "device" on them that they use.
>
> Paul


Re: Yubikeys are now supported

2010-10-07 Thread Mike McLean
On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters  wrote:
> I have one and I've played with it in fedora. There is however an important
> catch. The server and the yubikey share the same AES symmetric key. This means
> that if the yubikey is used for multiple sites by one user, that user is 
> sharing
> is his "private key" over various external sites.
>
> So if fedoraproject would accept it, and the same user uses this yubikey for
> another site, and that other site gets hacked, then fedoraproject could be
> hacked as well.
>
> I guess in a way it is like using the same password, but people might not be
> thinking of that when they have a "device" on them that they use.

Wow, that's a serious weakness. Are we sure about this?


Re: Yubikeys are now supported

2010-10-07 Thread Garrett Holmstrom
On 10/7/2010 12:04, Mike McGrath wrote:
> http://fedoraproject.org/wiki/Infrastruture/Yubikey
 ^^
Typo alert!  ;)


Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Mike McLean wrote:

>> I guess in a way it is like using the same password, but people might not be
>> thinking of that when they have a "device" on them that they use.
>
> Wow, that's a serious weakness. Are we sure about this?

http://www.yubico.com/files/Security_Evaluation_2009-09-09.pdf

Section 5.2.

Paul


Re: Yubikeys are now supported

2010-10-07 Thread Mike McGrath
On Thu, 7 Oct 2010, Paul Wouters wrote:

> On Thu, 7 Oct 2010, Mike McGrath wrote:
>
> >>> We also decided to allow yubikeys as an authentication option for the
> >>> larger community to some hosts and services like fedorapeople.org or
> >>> https://admin.fedoraproject.org/community/.  When asked for a password,
> >>> just use your yubikey to generate a otp instead.  Those wishing to use one
> >>> may purchase a yubikey on their own at:
>
> > I suspect it'd be worth it to see if we could get one for Fedora.
>
> I have one and I've played with it in fedora. There is however an important
> catch. The server and the yubikey share the same AES symmetric key. This means
> that if the yubikey is used for multiple sites by one user, that user is 
> sharing
> is his "private key" over various external sites.
>
> So if fedoraproject would accept it, and the same user uses this yubikey for
> another site, and that other site gets hacked, then fedoraproject could be
> hacked as well.
>
> I guess in a way it is like using the same password, but people might not be
> thinking of that when they have a "device" on them that they use.
>

My understanding on this is, and I reserve the right to misunderstand
this, is that once the AES key is on the yubikey, there is no way to get
it off of there.  That key is just used to generate OTP's.  So if an
attacker were to get an OTP they could use it to access fedora resources.
But only once (which is kind of the point of the otp).  And they'd only be
able to use it once if the real user hadn't used it again making the
attack window smaller.

If you think I am wrong here please do join #fedora-admin on
irc.freenode.net and help walk me through an attack.  We have staging and
development servers set up for such a purpose.

-Mike


Re: Yubikeys are now supported

2010-10-07 Thread Ricky Zhou
On 2010-10-07 07:25:47 PM, Mike McLean wrote:
> On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters  wrote:
> > I have one and I've played with it in fedora. There is however an important
> > catch. The server and the yubikey share the same AES symmetric key. This 
> > means
> > that if the yubikey is used for multiple sites by one user, that user is 
> > sharing
> > is his "private key" over various external sites.
> >
> > So if fedoraproject would accept it, and the same user uses this yubikey for
> > another site, and that other site gets hacked, then fedoraproject could be
> > hacked as well.
> >
> > I guess in a way it is like using the same password, but people might not be
> > thinking of that when they have a "device" on them that they use.
> 
> Wow, that's a serious weakness. Are we sure about this?
In order for this to happen, the user would have to explicitly take down
the generated AES key while it is being written to the key and then
submit it to the other site.  I don't think this is really something we
need to worry about.

Thanks,
Ricky



Re: Yubikeys are now supported

2010-10-07 Thread Mike McGrath
On Thu, 7 Oct 2010, Ricky Zhou wrote:

> On 2010-10-07 07:25:47 PM, Mike McLean wrote:
> > On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters  wrote:
> > > I have one and I've played with it in fedora. There is however an 
> > > important
> > > catch. The server and the yubikey share the same AES symmetric key. This 
> > > means
> > > that if the yubikey is used for multiple sites by one user, that user is 
> > > sharing
> > > is his "private key" over various external sites.
> > >
> > > So if fedoraproject would accept it, and the same user uses this yubikey 
> > > for
> > > another site, and that other site gets hacked, then fedoraproject could be
> > > hacked as well.
> > >
> > > I guess in a way it is like using the same password, but people might not 
> > > be
> > > thinking of that when they have a "device" on them that they use.
> >
> > Wow, that's a serious weakness. Are we sure about this?
> In order for this to happen, the user would have to explicitly take down
> the generated AES key while it is being written to the key and then
> submit it to the other site.  I don't think this is really something we
> need to worry about.
>

I had this attack in mind when I designed the burn script.  The key never
touches the drive during the burning process so the attack window here,
while real, is very tiny.  Certainly safer than typing your username and
password everywhere all the time :)

-Mike


Re: Yubikeys are now supported

2010-10-07 Thread Toshio Kuratomi
On Thu, Oct 07, 2010 at 08:54:12PM -0400, Paul Wouters wrote:
> 
> I have one and I've played with it in fedora. There is however an important
> catch. The server and the yubikey share the same AES symmetric key. This means
> that if the yubikey is used for multiple sites by one user, that user is
> sharing is his "private key" over various external sites.
>
> So if fedoraproject would accept it, and the same user uses this yubikey for
> another site, and that other site gets hacked, then fedoraproject could be
> hacked as well.
>
> I guess in a way it is like using the same password, but people might not be
> thinking of that when they have a "device" on them that they use.
>

[..]

> 
> http://www.yubico.com/files/Security_Evaluation_2009-09-09.pdf
> 
> Section 5.2.
> 
So I see what you're saying but I think some people are misinterpreting it.

The one time passwords generated by the yubikey can safely be used with
multiple services.  The thing that is unsafe is using the same AES key with
multiple ykksm's.  Yubico runs a ykksm for people to use with some third
party websites that support yubikeys.  The fedoraproject provides its own
ykksm server.  If you use the same AES key with both of these then if one of
the servers is compromised, both are compromised.  If you only use your key
with one of the ykksm's then you can safely use your otps on other sites and
there will be no negative ramifications (other than not being able to
authenticate).

The newer yubikey hardware has provision for two AES keys but I'm not sure
how that works and whether it actually allows you to use separate keys with
separate servers.  Someone will need to look into this.

-Toshio



Re: Yubikeys are now supported

2010-10-07 Thread Matthew Miller
On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
> The newer yubikey hardware has provision for two AES keys but I'm not sure
> how that works and whether it actually allows you to use separate keys with
> separate servers.  Someone will need to look into this.

Yes, separate keys -- basically two separate configurations in one device.


-- 
Matthew Miller 
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences


Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Toshio Kuratomi wrote:

> The one time passwords generated by the yubikey can safely be used with
> multiple services.  The thing that is unsafe is using the same AES key with
> multiple ykksm's.  Yubico runs a ykksm for people to use with some third
> party websites that support yubikeys.  The fedoraproject provides its own
> ykksm server.  If you use the same AES key with both of these then if one of
> the servers is compromised, both are compromised.  If you only use your key
> with one of the ykksm's then you can safely use your otps on other sites and
> there will be no negative ramifications (other than not being able to
> authenticate).

That's what I understood yes. It also means you have to trust any other provider
(without a compromise). It also makes the server a target to obtain the AES
secrets to try elsewhere. In some sense, an md5 hashed password has less value
when taken from a compromised server, as it would still need to be brute forced.

> The newer yubikey hardware has provision for two AES keys but I'm not sure
> how that works and whether it actually allows you to use separate keys with
> separate servers.  Someone will need to look into this.

I think by pressing down the 1 button for more than 2 seconds, you get the
second key. I am not sure if I have such a key (mine is about a year old)

I really like the concept of the yubikey - that is the USB keyboard as input
method. My company decided not to add this to our products because of the
concern of symmetric crypto used. It would be perfect if it had some kind of
public key based system like RSA or DSA.

One usage of yubikey I would like very much is as storage for the AES
encryption key for disk encryption. I'd prefer the disk crypto key to
not be on the disk at all, protected by just a passphrase. It would be
nice to have it on a yubikey instead.

Paul


Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Mike McGrath wrote:

> My understanding on this is, and I reserve the right to misunderstand
> this, is that once the AES key is on the yubikey, there is no way to get
> it off of there.  That key is just used to generate OTP's.  So if an
> attacker were to get an OTP they could use it to access fedora resources.
> But only once (which is kind of the point of the otp).  And they'd only be
> able to use it once if the real user hadn't used it again making the
> attack window smaller.

That's right. And since fedora is not using the yubikey as an audit trail,
this is fine - anyone with root could obtain anyone's AES key and "clone"
a yubikey and login as someone else.

You might only see some people who know how yubikeys work decide on
sticking to one device for multiple services which are not aware they
are sharing the same AES key.

But it is a clear distinction from say ssh public keys, where I can give
everyone my public ssh key without needing to trust the remote party at
all (provided I don't use ssh -A to their servers)

Paul


Re: Yubikeys are now supported

2010-10-07 Thread Toshio Kuratomi
On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote:
> On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
> > The newer yubikey hardware has provision for two AES keys but I'm not sure
> > how that works and whether it actually allows you to use separate keys with
> > separate servers.  Someone will need to look into this.
> 
> Yes, separate keys -- basically two separate configurations in one device.
> 
After a bit of trial and error, I got this working.  I now have my
yubikey-v2 to send a otp that's associated with fas if I hold the contact
for  0.3 – 1.5 seconds and a otp that's registered with yubico's servers if
I press for 2.5 – 5 seconds.  The sparsity of introductory docs on
ykpersonalize made this harder than it should have been.  I pieced together
the necessary information from this page:

http://www.teaparty.net/technotes/yubikey.html

and the official upload instructions linked from here:

http://www.yubico.com/developers/aeskeys/

and the user's manual

http://yubico.com/files/YubiKey_manual-2.0.pdf


Writing the second key slot was kinda like this:

sudo ykpersonalize -2 -o fixed=vv  -a KEY
-o -static-ticket -o -strong-pw1 -o -strong-pw2
-o -man-update -o -append-cr -ouid=Y

Figuring out ,KEY, and YYY were what I needed to read those documents
for.

-Toshio



Re: Yubikeys are now supported

2010-10-08 Thread Maxim Burgerhout
Hi,

I am the maintainer for ykpers and libyubikey for Fedora. It's great
to see Fedora starting to use these nifty devices!

If there is anything I can do to help out and make the use of
Yubikeys in the Fedora project into a success, just holler. It might
be interesting to add a README.Fedora to the ykpers package explaining
how to configure it for both Fedora and Yubico's servers like on the
page Toshio linked to. I'll look into that later.

One question I don't think has been asked before:

Can we eventually make FAS' (beta) OpenID provider functionality work
with this? If so, there will be little use for uploading an AES key to
Yubico. Because when I use my Yubikeys to authenticate myself, I most
often do this through OpenID and there is at least one free OpenID
provider with support for Yubikeys (clavid.com). This OpenID provider
authenticates me against Yubico's servers. If we can have an OpenID
provider service in FAS that authenticates against the AES keys in
Fedora's database, I wouldn't need other providers like Clavid or even
Yubico's own servers anymore.

There would be no more need to use the same AES key for multiple
services *and* it would only require one AES key for OTP on my
Yubikey, leaving the second slot for a strong static password for e.g.
LUKS disk encryption.

But I'm not very well informed about the architecture of FAS, so maybe
this is incredibly difficult or dangerous...

Maxim Burgerhout
ma...@wzzrd.com

GPG Fingerprint
EB11 5E56 E648 9D99 E8EF 05FB C513 6FD4 1302 B48A



On Fri, Oct 8, 2010 at 08:03, Toshio Kuratomi  wrote:
> On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote:
>> On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
>> > The newer yubikey hardware has provision for two AES keys but I'm not sure
>> > how that works and whether it actually allows you to use separate keys with
>> > separate servers.  Someone will need to look into this.
>>
>> Yes, separate keys -- basically two separate configurations in one device.
>>
> After a bit of trial and error, I got this working.  I now have my
> yubikey-v2 to send a otp that's associated with fas if I hold the contact
> for  0.3 – 1.5 seconds and a otp that's registered with yubico's servers if
> I press for 2.5 – 5 seconds.  The sparsity of introductory docs on
> ykpersonalize made this harder than it should have been.  I pieced together
> the necessary information from this page:
>
> http://www.teaparty.net/technotes/yubikey.html
>
> and the official upload instructions linked from here:
>
> http://www.yubico.com/developers/aeskeys/
>
> and the user's manual
>
> http://yubico.com/files/YubiKey_manual-2.0.pdf
>
>
> Writing the second key slot was kinda like this:
>
> sudo ykpersonalize -2 -o fixed=vv  -a KEY
> -o -static-ticket -o -strong-pw1 -o -strong-pw2
> -o -man-update -o -append-cr -ouid=Y
>
> Figuring out ,KEY, and YYY were what I needed to read those documents
> for.
>
> -Toshio
>


Re: Yubikeys are now supported

2010-10-08 Thread Mike McGrath
On Fri, 8 Oct 2010, Maxim Burgerhout wrote:

> Hi,
>
> I am the maintainer for ykpers and libyubikey for Fedora. It's great
> to see Fedora starting to use these nifty devices!
>
> If there is anything I can do to help out and make the use of
> Yubikey's in the Fedora project into a success, just holler. It might
> be interesting to add a README.Fedora to the ykpers package explaining
> how to configure it for both Fedora and Yubico's servers like on the
> page Toshio linked to. I'll look into that later.
>
> One question I don't think has been asked before:
>
> Can we eventually make FAS' (beta) OpenID provider functionality work
> with this? If so, there will be little use for uploading an AES key to
> Yubico. Because when I use my Yubikeys to authenticate myself, I most
> often do this through OpenID and there is at least one free OpenID
> provider with support for Yubikeys (clavid.com). This OpenID provider
> authenticates me against Yubico's servers. If we can have an OpenID
> provider service in FAS that authenticates against the AES keys in
> Fedora's database, I wouldn't need other providers like Clavid or even
> Yubico's own servers anymore.
>

Actually the only thing blocking the OpenID functionality is that we never
got it fully working, it still fails on some sites.  If anyone out there
knows openid and python, please let us know.

> There would be no more need to use the same AES key for multiple
> services *and* it would only require one AES key for OTP on my
> Yubikey, leaving the second slot for a strong static password for e.g.
> LUKS disk encryption.
>

The attack Paul is talking about is only possible if people are going out
of their way to bypass the process we have in place.  The key generation
is done on the server and sent to the client, that transaction is
transient and not stored on disk.  Any multiple service authentication all
goes through the single yubikey server.


-Mike


Re: Yubikeys are now supported

2010-10-08 Thread Dennis Gilmore
On Friday, October 08, 2010 12:06:58 am Paul Wouters wrote:
> On Thu, 7 Oct 2010, Mike McGrath wrote:
> > My understanding on this is, and I reserve the right to misunderstand
> > this, is that once the AES key is on the yubikey, there is no way to get
> > it off of there.  That key is just used to generate OTP's.  So if an
> > attacker were to get an OTP they could use it to access fedora resources.
> > But only once (which is kind of the point of the otp).  And they'd only
> > be able to use it once if the real user hadn't used it again making the
> > attack window smaller.
> 
> That's right. And since fedora is not using the yubikey as an audit trail,
> this is fine - anyone with root could obtain anyone AES key and "clone"
> a yubikey and login as someone else.
> 
> You might only see some people who know how yubikeys work decide on
> sticking to one device for multiple services which are not aware they
> are sharing the same AES key.
> 
> But it is a clear distinction from say ssh public keys, where I can give
> everyone my public ssh key without needing to trust the remote party at
> all (provided I don't use ssh -A to their servers)
> 
> Paul

Even if you use your yubikey with Yubico's servers and auth against multiple
different providers, your AES key is never exposed to any of the places that
you auth to.  You send them only the otp; it has a prefix of your AES key in it
but not the whole key.  Once written to the yubikey your AES key is not
readable. All you can do is replace the AES key.

The plaintext token is 16 bytes long (the same size as one AES block) and
consists of the following fields, in C form.
#include <stdint.h>

#define UID_SIZE 6
typedef struct {
    uint8_t  userId[UID_SIZE];  /* Unique (secret) ID */
    uint16_t sessionCtr;        /* Session counter (incremented by 1 at startup) */
    uint8_t  timestamp[3];      /* 24-bit timestamp, incremented at approx 8 Hz */
    uint8_t  sessionUse;        /* Times used within session */
    uint16_t rnd;               /* Pseudo-random value */
    uint16_t crc;               /* CRC16 value of all fields */
} TICKET;


To actually duplicate someone's key you need to not only get the AES key.  You
also need to know the session counter and keep yours higher than the real
user, which would make the real user's key no longer work and trigger warning
bells.

So yes, someone, if they had access to my AES key, could duplicate my key, but I
would know quickly.

It sounds like you do not fully understand how the yubikeys work. Either that
or I don't understand the attack you are describing?

Dennis
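
Added example, not part of any message in this thread: a C sketch of the server-side counter check Dennis Gilmore describes above, which also shows Camilo Mesias's earlier point about servers that do not share counter state. It works on the already-decrypted 16-byte token (AES is left out), the key_state layout and all sample values are constructed, and the CRC-16 parameters follow Yubico's OTP format rather than anything stated in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UID_SIZE       6
#define TOKEN_SIZE     16
#define CRC_OK_RESIDUE 0xf0b8   /* CRC-16 over a whole well-formed token */

enum verdict { OTP_OK, OTP_BAD_CRC, OTP_BAD_UID, OTP_REPLAYED };

/* Per-key state on one validation server (hypothetical layout). */
typedef struct {
    uint8_t  uid[UID_SIZE];  /* secret ID stored alongside the AES key */
    uint16_t last_ctr;       /* highest sessionCtr accepted so far */
    uint8_t  last_use;       /* highest sessionUse accepted in that session */
    int      seen;           /* 0 until the first OTP is accepted */
} key_state;

static const uint8_t SAMPLE_UID[UID_SIZE] = {1, 2, 3, 4, 5, 6};  /* constructed */

/* CRC-16, ISO 13239: init 0xffff, reflected polynomial 0x8408. */
static uint16_t crc16(const uint8_t *p, size_t n)
{
    uint16_t crc = 0xffff;
    while (n--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (uint16_t)((crc & 1) ? (crc >> 1) ^ 0x8408 : crc >> 1);
    }
    return crc;
}

/* Plaintext a server sees after AES-decrypting an OTP (little-endian fields). */
static void make_token(uint8_t tok[TOKEN_SIZE], uint16_t ctr, uint8_t use)
{
    memcpy(tok, SAMPLE_UID, UID_SIZE);
    tok[6] = (uint8_t)ctr; tok[7] = (uint8_t)(ctr >> 8);
    tok[8] = 0x00; tok[9] = 0x01; tok[10] = 0x00;       /* constructed timestamp */
    tok[11] = use; tok[12] = 0xef; tok[13] = 0xbe;      /* constructed rnd */
    uint16_t crc = (uint16_t)~crc16(tok, TOKEN_SIZE - 2); /* stored complemented */
    tok[14] = (uint8_t)crc; tok[15] = (uint8_t)(crc >> 8);
}

/* Accept only intact tokens for this key whose (ctr, use) is strictly newer. */
static enum verdict validate(key_state *ks, const uint8_t tok[TOKEN_SIZE])
{
    if (crc16(tok, TOKEN_SIZE) != CRC_OK_RESIDUE)
        return OTP_BAD_CRC;
    if (memcmp(tok, ks->uid, UID_SIZE) != 0)
        return OTP_BAD_UID;
    uint16_t ctr = (uint16_t)(tok[6] | (tok[7] << 8));
    uint8_t use = tok[11];
    if (ks->seen && (ctr < ks->last_ctr ||
                     (ctr == ks->last_ctr && use <= ks->last_use)))
        return OTP_REPLAYED;
    ks->last_ctr = ctr; ks->last_use = use; ks->seen = 1;
    return OTP_OK;
}

static key_state new_state(void)
{
    key_state ks = {0};
    memcpy(ks.uid, SAMPLE_UID, UID_SIZE);
    return ks;
}

/* A and B hold the same key, separate counters: out = {A, B, A again}. */
static void demo_split_servers(enum verdict out[3])
{
    key_state a = new_state(), b = new_state();
    uint8_t tok[TOKEN_SIZE];
    make_token(tok, 10, 0);
    out[0] = validate(&a, tok);
    out[1] = validate(&b, tok);   /* B never saw it, so B accepts it too */
    out[2] = validate(&a, tok);   /* A remembers it and refuses */
}

/* One server, a copy of the key: out = {real, copy, real's next OTP}. */
static void demo_duplicate_key(enum verdict out[3])
{
    key_state srv = new_state();
    uint8_t real1[TOKEN_SIZE], copy[TOKEN_SIZE], real2[TOKEN_SIZE];
    make_token(real1, 10, 0);
    make_token(copy, 500, 0);     /* copy keeps its counter ahead */
    make_token(real2, 11, 0);
    out[0] = validate(&srv, real1);
    out[1] = validate(&srv, copy);
    out[2] = validate(&srv, real2);  /* owner is now rejected: the warning sign */
}

int main(void)
{
    enum verdict s[3], d[3];
    demo_split_servers(s);
    demo_duplicate_key(d);
    printf("split: %d %d %d  duplicate: %d %d %d\n", s[0], s[1], s[2], d[0], d[1], d[2]);
    return 0;
}
```

A rejected OTP from a key whose counter is behind the server's stored value is the event worth alerting on, since it is the only trace a duplicated key leaves on the validation side.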



Re: Yubikeys are now supported

2010-10-08 Thread Paul Wouters
On Fri, 8 Oct 2010, Dennis Gilmore wrote:

> Even if you use your yubikey with yubicos servers. and auth against multiple
> different providers your AES key is never exposed to to any of the places that
> you auth to.

That is correct if different service providers auth the OTP against
yubicos servers.  However when setting up your key, two places have to
store the AES key. One is on your key, and one is on some backend auth
server that directly or indirectly authenticates you.

> to actually duplicate someones key you need to not only get the AES key.  you
> also need to know the session counter and keep yours higher than the real
> user.  which would make the real users key no longer work. and trigger warning
> bells.

The server validating your OTP ultimately is a server that knows
everything about everyone's configured yubikey. Whether that is an instance
at Fedora, or an instance at yubicos.  Things might be mitigated by
putting openid in the middle, but ultimately the entire secret of
your yubikey has to live at at least two places. This is unlike a
public/private keypair solution where the private key can be only in
your possession.

This introduces an "all eggs in one basket" problem, and yubico's servers
would be a very interesting target to attack. Again, I am not saying it
makes yubikeys unsafe to use. But it is important to realise that the
trust model is very different from a public/private key scheme that is
usually found on token devices. You have to fully trust the endserver
validating your key with all your secrets.

When fedorahosted is compromised, my ssh key is not invalidated. When the
yubikey backend server is compromised, everyone needs to zap their keys.
There would also be a strong commercial incentive not to make such a
compromise public.

I am perfectly willing to trust fedora to have my AES key for purposes
of logging into fedora servers. But I would not want to trust fedora
infrastructure (or yubicos or another ID provider, especially located
in for me questionable legal frameworks that include the US) for logging
into my own infrastructure or servers or laptop. And if you share your
key amongst multiple backend servers, you are reducing your key security
to the least secure backend provider.

> It sounds like you do not fully understand how the yubikeys work. either that
> or i dont understand the attack you are describing?

It all comes down to this being based on symmetric crypto, not on public key
systems. The secret lives at two places, which is unlike modern crypto systems
we've become used to, such as SSL/SSH, RSA/DSA or OTR.

And again, I'd happily use a yubikey with fedorahosted. I do think it
is strong enough. And it will be useful for a lot of people especially
because it is so much more affordable compared to other token based
systems, and because the USB keyboard method allows for easy integration
into most auth systems that deal with user/passwords.

However for our own purposes, this system did not provide the security
features we deemed mandatory (no coercion by third party, no sharing
private key, no relaying trust to third parties, verifiable audit
trail). I just wanted to relay this information so people understand
the concepts, features and risks of yubikeys.

Paul
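
The trust difference described in this message, as an added example that is not part of the original post: a toy validation server that has to hold a copy of each token's secret and that enforces the session counter mentioned in the quoted text. HMAC-SHA256 stands in for the YubiKey's AES step, and every name and value here is constructed for illustration.

```python
import hashlib
import hmac
import os

def make_otp(secret: bytes, counter: int) -> str:
    """Token side: counter plus a MAC over it (HMAC stands in for the AES step)."""
    msg = counter.to_bytes(4, "big")
    return (msg + hmac.new(secret, msg, hashlib.sha256).digest()[:8]).hex()

class Validator:
    """Server side of a symmetric scheme: it must hold every token's secret."""
    def __init__(self):
        self.secrets = {}    # token id -> shared secret (the second copy)
        self.last_seen = {}  # token id -> highest counter accepted so far
        self.alerts = []     # (token id, presented counter, stored counter)

    def enroll(self, token_id: str, secret: bytes) -> None:
        self.secrets[token_id] = secret
        self.last_seen[token_id] = -1

    def verify(self, token_id: str, otp: str) -> bool:
        try:
            counter = int.from_bytes(bytes.fromhex(otp)[:4], "big")
        except ValueError:
            return False
        expected = make_otp(self.secrets[token_id], counter)
        if not hmac.compare_digest(expected, otp.lower()):
            return False  # wrong secret or altered OTP
        if counter <= self.last_seen[token_id]:
            # Valid MAC but stale counter: a replay, or another copy of the
            # secret is already ahead of this token. Worth an alert.
            self.alerts.append((token_id, counter, self.last_seen[token_id]))
            return False
        self.last_seen[token_id] = counter
        return True

def demo():
    server = Validator()
    secret = os.urandom(16)  # constructed sample secret, shared at enrollment
    server.enroll("alice", secret)
    first = server.verify("alice", make_otp(secret, 1))
    replay = server.verify("alice", make_otp(secret, 1))
    # Whoever holds the server's copy can mint an OTP the server accepts ...
    minted = server.verify("alice", make_otp(server.secrets["alice"], 50))
    # ... after which the genuine token, still at counter 2, is rejected.
    genuine = server.verify("alice", make_otp(secret, 2))
    return first, replay, minted, genuine, server.alerts
```

The rejected genuine OTP at the end is the "warning bells" signal: a cryptographically valid OTP with a counter behind the stored one.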


Re: Yubikeys are now supported

2010-10-08 Thread Matthew Miller
On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote:
> If there is anything I can do to help out and make the use of
> Yubikey's in the Fedora project into a success, just holler. It might

Fixing the pam module to not crash might be good. :)

Have you considered packaging up the server-side software?

-- 
Matthew Miller 
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences


Re: Yubikeys are now supported

2010-10-08 Thread Ricky Zhou
On 2010-10-08 10:57:16 AM, Matthew Miller wrote:
> On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote:
> > If there is anything I can do to help out and make the use of
> > Yubikey's in the Fedora project into a success, just holler. It might
> 
> Fixing the pam module to not crash might be good. :)
> 
> Have you considered packaging up the server-side software?
dgilmore and mmcgrath have already started on this:

https://bugzilla.redhat.com/show_bug.cgi?id=637212
https://bugzilla.redhat.com/show_bug.cgi?id=637213

Thanks,
Ricky



Re: Yubikeys are now supported

2010-10-08 Thread Stephen John Smoogen
On Fri, Oct 8, 2010 at 08:48, Paul Wouters  wrote:
> On Fri, 8 Oct 2010, Dennis Gilmore wrote:
>

>> It sounds like you do not fully understand how the yubikeys work. either that
>> or i dont understand the attack you are describing?
>
> It all comes down to this being based on symmetric crypto, not on public key
> systems. The secret lives at two places, which is unlike modern crypto systems
> we've become used to, such as SSL/SSH, RSA/DSA or OTR.

Correct. It is a problem with several OTP implementations I have dealt
with in the past. Thankfully it is better than one where we figured
out that if you knew one password you could figure out the next because
it was next = previous * 3 +1 mod 7 (or something close). My hat was off
to the fellow who, looking at the 12 character hex code, figured out the
pattern in a couple of minutes.

So from this analysis, we should a) look at making sure where the keys
are stored meets a high expectation of security and privacy, b) make
sure that if a problem occurs we can rekey things quickly, and
c) audit the system regularly.

I don't know if regularized rekeying of yubi's would buy or help us any.


-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things."
— Herb Kelleher, founder Southwest Airlines


Re: Yubikeys are now supported

2010-10-08 Thread Nathanael D. Noblet
On 10/07/2010 10:58 PM, Paul Wouters wrote:
> One usage of yubikey I would like very much is as storage for the AES
> encryption key for disk encryption. I'd prefer the disk crypto key to
> not be on the disk at all, protected by just a passphrase. It would be
> nice to have it on a yubikey instead.

I just ordered a yubikey for this express purpose, we have a product 
under development that has an encrypted partition that gets decrypted by 
a key on a USB thumbdrive - not the best... When I saw these I 
immediately thought I should see about getting them used to unlock 
encrypted partitions!... I'll keep you informed.


Re: Yubikeys are now supported

2010-10-08 Thread Paul Wouters
On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:

> On 10/07/2010 10:58 PM, Paul Wouters wrote:
>> One usage of yubikey I would like very much is as storage for the AES
>> encryption key for disk encryption. I'd prefer the disk crypto key to
>> not be on the disk at all, protected by just a passphrase. It would be
>> nice to have it on a yubikey instead.
>
> I just ordered a yubikey for this express purpose, we have a product
> under development that has an encrypted partition that gets decrypted by
> a key on a USB thumbdrive - not the best... When I saw these I
> immediately thought I should see about getting them used to unlock
> encrypted partitions!... I'll keep you informed.

Note that yubikeys are not (yet) usable for this. You cannot request the
AES key from it (AFAIK), only an OTP. And the OTP can also not be used to unlock
an AES key on the harddisk because it is different for each activation.

Paul


Re: Yubikeys are now supported

2010-10-08 Thread Jesse Keating

On 10/8/10 2:48 PM, Paul Wouters wrote:
> On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:
> 
>> On 10/07/2010 10:58 PM, Paul Wouters wrote:
>>> One usage of yubikey I would like very much is as storage for the AES
>>> encryption key for disk encryption. I'd prefer the disk crypto key to
>>> not be on the disk at all, protected by just a passphrase. It would be
>>> nice to have it on a yubikey instead.
>>
>> I just ordered a yubikey for this express purpose, we have a product
>> under development that has an encrypted partition that gets decrypted by
>> a key on a USB thumbdrive - not the best... When I saw these I
>> immediately thought I should see about getting them used to unlock
>> encrypted partitions!... I'll keep you informed.
> 
> Note that yubikeys are not (yet) usable for this. You cannot request the
> AES key from it (AFAIK), only an OTP. And the OTP can also not be used to
> unlock an AES key on the harddisk because it is different for each activation.
> 
> Paul

Can't you use one of the slots on newer yubikeys for a static (long)
passphrase?

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating




Re: Yubikeys are now supported

2010-10-08 Thread Paul Wouters
On Fri, 8 Oct 2010, Jesse Keating wrote:

>> Note that yubikeys are not (yet) usable for this. You cannot request the
>> AES key from it (AFAIK), only an OTP. And the OTP can also not be used to
>> unlock an AES key on the harddisk because it is different for each activation.
>
> Can't you use one of the slots on newer yubikeys for a static (long)
> passphrase?

That could be. I have not used the Yubikey 2 yet. The manual mentions something
on page 16 of http://www.yubico.com/files/YubiKey_manual-2.0.pdf but it is
confusing to me as it talks about a static password updating the OTP.

Paul


Re: Yubikeys are now supported

2010-10-18 Thread Maxim Burgerhout
On Fri, Oct 8, 2010 at 16:57, Matthew Miller  wrote:
> On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote:
>> If there is anything I can do to help out and make the use of
>> Yubikey's in the Fedora project into a success, just holler. It might
>
> Fixing the pam module to not crash might be good. :)

You mean this[1]? It's fixed in r210 upstream.

[1] http://code.google.com/p/yubico-pam/issues/detail?id=11


Maxim Burgerhout
ma...@wzzrd.com

GPG Fingerprint
EB11 5E56 E648 9D99 E8EF 05FB C513 6FD4 1302 B48A


Re: Yubikeys are now supported

2010-10-25 Thread Simon Josefsson
Paul Wouters  writes:

> On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:
>
>> On 10/07/2010 10:58 PM, Paul Wouters wrote:
>>> One usage of yubikey I would like very much is as storage for the AES
>>> encryption key for disk encryption. I'd prefer the disk crypto key to
>>> not be on the disk at all, protected by just a passphrase. It would be
>>> nice to have it on a yubikey instead.
>>
>> I just ordered a yubikey for this express purpose, we have a product
>> under development that has an encrypted partition that gets decrypted by
>> a key on a USB thumbdrive - not the best... When I saw these I
>> immediately thought I should see about getting them used to unlock
>> encrypted partitions!... I'll keep you informed.
>
> Note that yubikeys are not (yet) usable for this. You cannot request the
> AES key from it (AFAIK), only an OTP. And the OTP can also not be used to
> unlock an AES key on the harddisk because it is different for each activation.

The YubiKey with firmware 2.2 (latest) supports a challenge-response
HMAC-SHA1 mode that probably can be used for this.  You feed a pass
phrase to the YubiKey, and it responds with a static string generated
from the pass phrase using HMAC-SHA1.  It will be the same output every
time if the input is the same.  The output would then be used as the
encryption key.  Of course, you still need to trust the software on your
machine to not leak the HMAC-SHA1 output.

If anyone is trying something like this, I'm interested to hear about
progress.  Encrypting disks assisted with an external device is
something I'd like to see.

/Simon
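
The two modes contrasted in this message and in the quoted note, as an added example that is not part of the original post: a software stand-in for the token (the `SoftToken` class, its secret, the passphrase and the salt are all constructed) shows why a per-activation OTP cannot unlock a disk key while an HMAC-SHA1 challenge-response can. Stretching the 20-byte response with PBKDF2, the per-volume salt and the stored check value are assumptions of this sketch, not something the thread specifies.

```python
import hashlib
import hmac

class SoftToken:
    """Software stand-in for the hardware token (constructed for this example)."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def otp(self) -> bytes:
        # OTP mode: the counter advances, so every activation yields a new value.
        self._counter += 1
        msg = self._counter.to_bytes(8, "big")
        return hmac.new(self._secret, msg, hashlib.sha1).digest()

    def challenge_response(self, challenge: bytes) -> bytes:
        # Challenge-response mode: HMAC-SHA1(secret, challenge), 20 bytes,
        # identical for identical input.
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()

def disk_key(token: SoftToken, passphrase: str, salt: bytes) -> bytes:
    response = token.challenge_response(passphrase.encode("utf-8"))
    # Assumption of this sketch: stretch the 20-byte response to a 32-byte key
    # and bind it to one volume with a per-volume salt.
    return hashlib.pbkdf2_hmac("sha256", response, salt, 100_000, dklen=32)

def _check_value(key: bytes) -> bytes:
    return hmac.new(key, b"volume-key-check", hashlib.sha256).digest()[:16]

def enroll(token: SoftToken, passphrase: str, salt: bytes) -> dict:
    # Only the salt and a check value go on disk; the key itself does not.
    return {"salt": salt, "check": _check_value(disk_key(token, passphrase, salt))}

def unlock(token: SoftToken, passphrase: str, header: dict):
    key = disk_key(token, passphrase, header["salt"])
    # The host holds `key` in memory here: the residual trust in local software.
    if hmac.compare_digest(_check_value(key), header["check"]):
        return key
    return None  # wrong passphrase or wrong token

TOKEN = SoftToken(bytes(range(20)))  # constructed sample secret
HEADER = enroll(TOKEN, "correct horse", b"volume-0001-salt")
```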



Re: Yubikeys are now supported

2010-10-25 Thread Simon Josefsson
Maxim Burgerhout  writes:

> Hi,
>
> I am the maintainer for ykpers and libyubikey for Fedora. It's great
> to see Fedora starting to use these nifty devices!
>
> If there is anything I can do to help out and make the use of
> Yubikey's in the Fedora project into a success, just holler.

Hi -- I likewise want to congratulate you on adding support for this to
the Fedora infrastructure (and thanks Maxim for packaging work).

I work for Yubico and if there are any questions or issues with the
YubiKey that you encounter, please let me know and I can accelerate an
answer.  I have re-read this thread, and from what I can tell, you got
all current questions resolved, but if I missed something, please let me
know.

/Simon

