On Thu, Feb 5, 2015 at 10:50 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On Thu, 2015-02-05 at 18:26 +0000, David Woodhouse wrote: >> > > Hi, >> > > One of the presentations in fosdem's security devroom was about U2F. As >> > > far as I understood U2F is smart card which provides unique per server >> > > ECDSA256 keys. Those could be stored in the card or in the PC similarly >> > > to TPM (i.e., encrypted using a key that depends on the card and the >> > > site). The protocol includes registration, and is a simple >> > > challenge-response process. The differences between a PKCS #11 smart >> > > card and that one, is the specified registration protocol as well as its >> > > driverless nature. The U2F protocol is however limited to secp256r1 curve >> > > and cannot be extended beyond it. What do you think of that? Would it make >> > > sense to support it in openconnect? >> > From an ease-of-use standpoint, U2F is much nicer than typing OTPs. >> > The Yubico NEO-N can be left in your USB slot indefinitely, and used >> > on demand. >> That's true when using it for HOTP/TOTP too, isn't it? By "typing OTPs" I was referring to the traditional plastic hard tokens with LCD displays (RSA SID700 and similar) or a software token running on a mobile phone. Using something like a Yubikey Nano in HOTP mode is a usability improvement over these, although you do still need to worry somewhat about focusing on the text input field, avoiding double taps, etc. > I guess so. The advantage however of U2F over HOTP/TOTP is that you > don't need an additional shared secret with the server. The relation is > pretty asymmetric as the server only needs to hold your public key > similarly to ssh. One reason you might not want to leave an HOTP token in the slot is that somebody could tap the token when you aren't looking and pre-generate a bunch of tokencodes. i.e. the tokencode doesn't prove that the hardware token was physically present at the time of the access request. Also, accidentally bumping it too many times could cause the token to get out of sync with the server, and will paste random tokencodes into whatever program is running at the moment. This isn't a problem with the U2F devices.
