Re: Yubikeys are now supported

On Friday, October 08, 2010 12:06:58 am Paul Wouters wrote:
> On Thu, 7 Oct 2010, Mike McGrath wrote:
> > My understanding on this is, and I reserve the right to misunderstand
> > this, is that once the AES key is on the yubikey, there is no way to get
> > it off of there.  That key is just used to generate OTP's.  So if an
> > attacker were to get an OTP they could use it to access fedora resources.
> > But only once (which is kind of the point of the otp).  And they'd only
> > be able to use it once if the real user hadn't used it again making the
> > attack window smaller.
> 
> That's right. And since fedora is not using the yubikey as an audit trail,
> this is fine - anyone with root could obtain anyone's AES key and "clone"
> a yubikey and login as someone else.
> 
> You might only see some people who know how yubikeys work decide on
> sticking to one device for multiple services which are not aware they
> are sharing the same AES key.
> 
> But it is a clear distinction from say ssh public keys, where I can give
> everyone my public ssh key without needing to trust the remote party at
> all (provided I don't use ssh -A to their servers)
> 
> Paul

Even if you use your yubikey with Yubico's servers and auth against multiple
different providers, your AES key is never exposed to any of the places that
you auth to.  You send them only the OTP; it has a prefix of your AES key in it
but not the whole key.  Once written to the yubikey, your AES key is not
readable.  All you can do is replace the AES key.

The plaintext token is 16 bytes long (the same size as one AES block) and
consists of the following fields, in C form.

    #include <stdint.h>

    #define UID_SIZE 6
    typedef struct {
        uint8_t  userId[UID_SIZE]; /* Unique (secret) ID */
        uint16_t sessionCtr;       /* Session counter (incremented by 1 at startup) */
        uint8_t  timestamp[3];     /* 24-bit timestamp incremented by approx 8Hz */
        uint8_t  sessionUse;       /* Times used within session */
        uint16_t rnd;              /* Pseudo-random value */
        uint16_t crc;              /* CRC16 value of all fields */
    } TICKET;


To actually duplicate someone's key you need to not only get the AES key.  You
also need to know the session counter and keep yours higher than the real
user's, which would make the real user's key no longer work and trigger warning
bells.

So yes, someone, if they had access to my AES key, could duplicate my key, but I
would know quickly.

It sounds like you do not fully understand how the yubikeys work.  Either that
or I don't understand the attack you are describing?

Dennis


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
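
The counter check described in the message above, as an added example that is
not part of the original post and is not Fedora's or Yubico's code. It assumes
the token has already been AES-decrypted, that multi-byte fields are
little-endian, and that the CRC16 is the ISO 13239 variant with residue 0xf0b8;
key_state, check_token and make_token are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define UID_SIZE 6
#define CRC_OK_RESIDUE 0xf0b8   /* assumed: CRC over all 16 bytes of a valid token */
enum verdict { TOKEN_OK, TOKEN_BAD_CRC, TOKEN_WRONG_UID, TOKEN_REPLAYED };
/* Hypothetical server-side record for one enrolled key. */
struct key_state {
    uint8_t  uid[UID_SIZE];  /* secret ID stored at enrolment */
    uint16_t last_ctr;       /* highest sessionCtr accepted so far */
    uint8_t  last_use;       /* highest sessionUse accepted within last_ctr */
};

/* Bitwise CRC-16, reflected polynomial 0x8408, initial value 0xffff (assumed). */
uint16_t crc16(const uint8_t *buf, size_t len)
{
    uint16_t crc = 0xffff;
    while (len--) {
        crc ^= *buf++;
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 1) ? (crc >> 1) ^ 0x8408 : crc >> 1);
    }
    return crc;
}

/* Validate one already-decrypted 16-byte token and advance the stored counters. */
enum verdict check_token(struct key_state *st, const uint8_t tok[16])
{
    if (crc16(tok, 16) != CRC_OK_RESIDUE)
        return TOKEN_BAD_CRC;            /* wrong AES key or damaged OTP */
    if (memcmp(tok, st->uid, UID_SIZE) != 0)
        return TOKEN_WRONG_UID;
    uint16_t ctr = (uint16_t)(tok[6] | (tok[7] << 8));  /* sessionCtr, little-endian */
    uint8_t use = tok[11];                              /* sessionUse */
    if (ctr < st->last_ctr || (ctr == st->last_ctr && use <= st->last_use))
        return TOKEN_REPLAYED;           /* counters did not advance: replay or stale key */
    st->last_ctr = ctr; st->last_use = use;
    return TOKEN_OK;
}

/* Build a constructed sample token (test data, not captured from a device). */
void make_token(uint8_t tok[16], const uint8_t uid[UID_SIZE], uint16_t ctr, uint8_t use)
{
    memset(tok, 0, 16);                  /* timestamp and rnd left at zero */
    memcpy(tok, uid, UID_SIZE);
    tok[6] = (uint8_t)(ctr & 0xff); tok[7] = (uint8_t)(ctr >> 8); tok[11] = use;
    uint16_t crc = (uint16_t)~crc16(tok, 14);   /* stored CRC is the complement */
    tok[14] = (uint8_t)(crc & 0xff); tok[15] = (uint8_t)(crc >> 8);
}
```

Once a duplicate key has moved the stored counter ahead, the genuine key's next
token returns TOKEN_REPLAYED, which is the event a server should log and alert on.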
