Re: Yubikeys are now supported


 



On Fri, Oct 8, 2010 at 08:48, Paul Wouters <paul@xxxxxxxxxxxxx> wrote:
> On Fri, 8 Oct 2010, Dennis Gilmore wrote:
>

>> It sounds like you do not fully understand how the yubikeys work. Either that
>> or I don't understand the attack you are describing?
>
> It all comes down to this being based on symmetric crypto, not on public key
> systems. The secret lives at two places, which is unlike modern crypto systems
> we've become used to, such as SSL/SSH, RSA/DSA or OTR.

Correct. It is a problem with several OTP implementations I have dealt
with in the past. Thankfully it is better than one where we figured
out that if you knew one password you could figure out the next, because it was
next = previous * 3 + 1 mod 7 (or something close). My hat was off to
the fellow who, looking at the 12-character hex code, figured out the
pattern in a couple of minutes.

So from this analysis, we should a) look at making sure that where the keys
are stored meets a high expectation of security and privacy, b)
make sure that if a problem occurs we can rekey
things quickly, and c) audit the system regularly.

I don't know if regularized rekeying of yubi's would buy or help us any.


-- 
Stephen J Smoogen.
“The core skill of innovators is error recovery, not failure avoidance.”
Randy Nelson, President of Pixar University.
"We have a strategic plan. It's called doing things."
— Herb Kelleher, founder Southwest Airlines
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


