globaleaks / whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

2FA: U2F-based two factor authentication #1352

Open Taipo opened 9 years ago

Taipo commented 9 years ago

U2F: Is there a plan in the future to optionally integrate Yubikeys into at least the admin login process or even the receiver login process?

fpietrosanti commented 9 years ago

@taipo Actually there's not yet such a plan in the roadmap. Btw, there's a plan with Tor 0.2.7 to integrate 3 different Tor Hidden Services for the Whistleblower, Receiver and Admin interfaces.

Regarding YubiKeys, I see that there's a Twisted implementation supporting some kind of integration there, https://github.com/cyli/txYubikey, if you wish to play with the code.

We shall consider that with the upcoming release of client-side end-to-end encryption, we're trying to keep a single password for use in authentication and encryption, but introducing 2-factor authentication would require keeping them separated.

evilaliv3 commented 8 years ago

As an update on this ticket, an interesting package that we could use is python-u2flib-server.

python-u2flib-server is the official package by Yubico: https://github.com/Yubico/python-u2flib-server. It is already packaged for the recent Ubuntu/Debian distributions, so when we are ready to implement the full Debian package for Xenial this could be integrated as well.

The implementation also appears to be really simple, as documented here: https://developers.yubico.com/U2F/Libraries/Using_a_library.html

- https://demo.yubico.com/js/u2f-api.js
- https://github.com/ashtuchkin/u2f
- https://github.com/Yubico/python-u2flib-server

fpietrosanti commented 4 years ago

That's now implemented, @evilaliv3, right?

evilaliv3 commented 4 years ago

No @fpietrosanti, U2F (FIDO) is the standard used by YubiKeys.