sakurity / securelogin

This version won't be maintained!
MIT License

enable using smartcard based cryptographic keys #20

Closed jeantil closed 7 years ago

jeantil commented 7 years ago

The SecureLogin vs X table says that with securelogin the cryptographic key never leaves the device. This is fine as long as the device can't be easily compromised.

Storing the key on a MacBook Pro or in a phone means it can be lifted and used to impersonate a user.

Hardware tokens such as the yubikey or smartcards in general may cost money (once) but the key can't be extracted (without expending considerable resources at least).

It would be nice to have the option of being able to use a hardware token provided key for the securelogin.

homakov commented 7 years ago

First of all, it's against Scalability principle - we serve needs of the general public only. So there must be no hardware requirements at this stage.

Second, it gains no significant security, just makes exploitation delayed, as you can see in the table. I'm working on u2f-killswitch to demo it.

jeantil commented 7 years ago

> Scalability principle

I'm requesting this as an additional option for increased security, not a mandatory requirement. Considering that some companies distribute smartcards and y

> Second, it gains no significant security, just makes exploitation delayed, as you can see in the table. I'm working on u2f-killswitch to demo it.

I was not talking about implementing u2f using the yubico services. I was talking about relying on the crypto capabilities of the smartcard which is embedded in the yubikey.

Basically securelogin would request the smartcard to sign/encrypt using the card's embedded key instead of creating and using its own private key stored on general purpose storage in a general purpose computer. You don't even have to trust yubico since you can write (but not read back) your own private key to the smartcard. This way the actual private key is stored in a write-only device and cannot be compromised by things like trojans, viruses, etc.

homakov commented 7 years ago

> You don't even have to trust yubico since you can write (but not read back) your own private key to the smartcard.

This sounds better. It's worth exploring and falls under #16

Do all cards allow writing your own key? E.g. yubikey neo?

jeantil commented 7 years ago

As far as I understand it, the only key which wouldn't support writing your own key is the FIDO U2F, since it doesn't have a smartcard chip.

Source: https://www.yubico.com/products/yubikey-hardware/compare-yubikeys/

There are tutorials around on how to create gpg private keys on the smartcard. Such private keys can then be used to sign or encrypt messages or binaries depending on your exact setup.

See:
https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
https://developers.yubico.com/PGP/SSH_authentication/
https://github.com/drduh/YubiKey-Guide

My hypothesis is that it could be possible to use this to have a safe private key without depending on yubico :)

My suggestion is more general though, as there are other hardware providers for usb smartcards out there.

homakov commented 7 years ago

Closing this, it's a very distant task. Current target is general consumer device, and very few people have smart cards.