Yubikeys are now supported

Dennis Gilmore dennis at ausil.us
Fri Oct 8 14:15:07 UTC 2010


On Friday, October 08, 2010 12:06:58 am Paul Wouters wrote:
> On Thu, 7 Oct 2010, Mike McGrath wrote:
> > My understanding on this is, and I reserve the right to misunderstand
> > this, is that once the AES key is on the yubikey, there is no way to get
> > it off of there.  That key is just used to generate OTP's.  So if an
> > attacker were to get an OTP they could use it to access fedora resources.
> > But only once (which is kind of the point of the otp).  And they'd only
> > be able to use it once if the real user hadn't used it again making the
> > attack window smaller.
> 
> That's right. And since fedora is not using the yubikey as an audit trail,
> this is fine - anyone with root could obtain anyone AES key and "clone"
> a yubikey and login as someone else.
> 
> You might only see some people who know how yubikeys work decide on
> sticking to one device for multiple services which are not aware they
> are sharing the same AES key.
> 
> But it is a clear distinction from say ssh public keys, where I can give
> everyone my public ssh key without needing to trust the remote party at
> all (provided I don't use ssh -A to their servers)
> 
> Paul

Even if you use your yubikey with yubicos servers. and auth against multiple 
different providers your AES key is never exposed to to any of the places that 
you auth to.  you send them only the otp  it has a prefix of your AES key in it 
but not the whole key.  once written to the yubikey your AES key is not 
readable. all you can do is replace the AES key.

The plaintext token is 16 bytes long (the same size as one AES block) and
consists of the following fields, in C form.
#define UID_SIZE 6
typedef struct {
uint8_t userId[UID_SIZE];  /* Unique (secret) ID */
uint16_t sessionCtr;     /* Session counter (incremented by 1 at startup */
uint24_t timestamp;  /* Timestamp incremented by approx 8Hz */
uint8_t sessionUse;    /* Times used within session */
uint16_t rnd;               /* Pseudo-random value */
uint16_t crc;               /* CRC16 value of all fields */
} TICKET;


to actually duplicate someones key you need to not only get the AES key.  you 
also need to know the session counter and keep yours higher than the real 
user.  which would make the real users key no longer work. and trigger warning 
bells.

So yes someone if they had access to by AES key could duplicate my key  but i 
would know quickly.

It sounds like you do not fully understand how the yubikeys work. either that 
or i dont understand the attack you are describing?

Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20101008/e02d5867/attachment.bin 


More information about the devel mailing list