
I got my YubiKey 4 today and first tried to use it with KeePass with OATH-HOTP (OtpKeyProv plugin). My configuration was 3 OTPs with look-ahead count = 0. It was not working that well because sometimes the OtpKeyProv plugin did not recognize my input when I pressed the button too fast. So I changed to 6 OTPs with look-ahead count = 12. But with that it was not "that comfortable" anymore because I needed to press the button 6 times and had to wait a few seconds between the presses to be sure the plugin recognized the input.

So I tried the challenge-response method with the KeeChallenge plugin. It just worked flawlessly. Does anything speak against using the challenge-response method with the KeeChallenge plugin, or is it safe to use? I know the OtpKeyProv plugin is more secure, but does that make that much of a difference?

DrGimpfeN

2 Answers


Depending on how the plugin does it internally, this can be quite an interesting way of adding security.

Essentially this thing misuses HOTP big time, by calculating the next however-many OTPs needed and forming them together with the master pass to encrypt the database.

But of course when you have lookahead active (and you really should, especially on a Nano) it generates a few more sequences of keys in case you increased the counter accidentally.

The idea behind it isn't bad, although obviously KeePass needs to store the seed (shared secret) in the database to allow for re-encrypting it.

The KeeChallenge plugin works on the same premise: hashing a shared secret with some kind of challenge (the counter in HOTP), but this plugin is actually safer from a few standpoints.

1) It provides a 160-bit output of HMAC-SHA1 instead of "just" log2(10^(6*x)) bits (x is the number of consecutive OTPs you select; 8 consecutive OTPs would get you just to 159 and a half bits of length).

Simply put, you need to tap MUCH less for the same security level, and while the OTP plugin could probably be configured to use a ton of OTPs for even higher security, with modifications the challenge-response plugin could also run multiple challenges, throwing the number of bits through the roof, with again just an eighth of the needed taps (and no concern of mis-tapping and not getting the proper sequence).

2) As the challenge is provided from the database, we don't need to worry about accidentally touching the key or lookaheads, which means we don't need to lower the security by allowing multiple second-factor solutions to get in.

Simply said, number 2 means the Yubi only has the secret and the DB has what could be called the "state" of the challenge, while in TOTP, the Yubi has both the state and the secret needed to decrypt the DB and the state changes every time you touch the key, meaning you would need to account for multiple states.

Although obviously the shared secret still needs to be stored in one way or another inside the database (unless you don't change the challenge at all, but that's reckless).

My1
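As an added example (not code from the original post, and not the plugins' own key derivation), the arithmetic in the answer above carried through in Python: an RFC 4226 HOTP generator, the concatenation of x consecutive OTPs with the extra candidate sequences that look-ahead forces the plugin to accept, and the bit-length comparison against a single 160-bit HMAC-SHA1 challenge-response. The secret is the RFC 4226 test-vector key; the sequence and challenge composition is a simplified illustration of the idea, not how OtpKeyProv or KeeChallenge actually build the database key.

```python
import hashlib
import hmac
import math
import struct

# RFC 4226 test-vector secret (standard published test input, not a real key)
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def otp_sequence(secret: bytes, start: int, count: int) -> str:
    """Concatenate `count` consecutive OTPs: the 'several OTPs form a key part' idea (simplified)."""
    return "".join(hotp(secret, start + i) for i in range(count))


def lookahead_candidates(secret: bytes, start: int, count: int, lookahead: int) -> list:
    """With look-ahead N, N+1 sequences must be accepted, one per counter the token may have
    advanced to by accidental presses. Each accepted candidate widens the set of keys that open the DB."""
    return [otp_sequence(secret, start + k, count) for k in range(lookahead + 1)]


def otp_sequence_bits(count: int, digits: int = 6) -> float:
    """Entropy of `count` consecutive `digits`-digit OTPs: log2(10^(digits*count))."""
    return math.log2(10 ** (digits * count))


def challenge_response(secret: bytes, challenge: bytes) -> bytes:
    """YubiKey-style HMAC-SHA1 challenge-response: 20 bytes = 160 bits from one touch."""
    return hmac.new(secret, challenge, hashlib.sha1).digest()


def taps_for_160_bits(digits: int = 6) -> int:
    """Number of 6-digit OTPs (taps) needed to reach the 160 bits a single response gives."""
    n = 1
    while otp_sequence_bits(n, digits) < 160:
        n += 1
    return n


if __name__ == "__main__":
    print(otp_sequence(RFC4226_SECRET, 0, 3))                   # 755224287082359152
    print(len(lookahead_candidates(RFC4226_SECRET, 0, 6, 12)))  # 13 accepted sequences
    print(round(otp_sequence_bits(8), 1), "bits from 8 OTPs vs 160 bits from one response")
    print(taps_for_160_bits())                                  # 9
```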

You should be aware that any mechanism to implement 2-factor with KeePass is not fundamentally adding any true security. Any attacker who gets hold of your database will simply not install the OTPKeyProv plugin, and will not be required to use the second factor.

OTP 2-factor provides authentication, not encryption, and only works in scenarios where the attacker does not have direct access to the password vault prior to authentication, such as with online services like LastPass. With KeePass, the attacker must have access to the database during authentication, and as such can simply download the database and ignore the authentication piece.

More simply: using OtpKeyProv does not add any security to your master key and is mostly security theatre.

EDIT: I stand corrected on some fronts. Based upon the plugin author's responses, the plugin is designed to add an additional secret key to the master password and protect it using HOTPs. Precisely how that is done is unclear, but it sounds plausible. However, it should be noted that this is not true 2-factor, and is more like factor-and-a-half; the main factor (encryption key) is being strengthened by a weaker key that is itself weakly guarded. So it is additional security, but not as much as true 2-factor offers in authentication systems.

Pringle
  • It is worth noting the [discussion on the KeePass forum](https://sourceforge.net/p/keepass/discussion/329220/thread/273fdad3/) which states this post is "*largely incorrect because the OTPKeyProv plugin does provide a true second factor called the Secret Key*" and "*If an attacker bypassed the OTPKeyProv plugin the complete Master Key would still be needed (e.g. the Master Password AND the Secret Key) to access the database.*" – Andy Brown Feb 28 '16 at 13:23
  • The OTP plugin will just harden the encryption by a short secret. This doesn't change any major part of the answer, even though it maybe adds some more length to your password. The main answer remains: an attacker doesn't need to use that plugin and he doesn't need to get the OTP if he can just brute-force the whole thing (master+secret). That's why OTP should be mainly used for authentication, not encryption. – James Cameron Mar 30 '16 at 10:18
  • Sorry, that is just plain wrong. It depends on what you try to achieve. Using a second factor is NEVER about hardening the encryption; it's about making the authentication more secure, e.g. to harden it against keyloggers. So the whole point of this response is nonsense. And as @AndyBrown stated, you cannot simply bypass the second factor by "not using the plugin". It will not open. So you will have to BF the KeePass AES256 encryption. As of today: good luck with that. If you find this useful please upvote me. Once I have 125 points I can downvote that crap answer above. – omni Apr 01 '16 at 09:26
  • This answer does not address the question whatsoever. The question states "does anything speak against using the challenge-response method with the KeeChallenge Plugin or is it safe to use?" while this answer does not even mention KeeChallenge at all. Instead, it focuses entirely on dubious claims about OTPKeyProv. – Socob Jan 16 '17 at 04:22
  • @masi I downvoted for you. – A. Hersean Jan 24 '17 at 13:46
  • @masi Authentication makes no sense where the attacker controls the database and the code being run; in that case, the only access control that works is encryption. The author of the plugin explicitly notes in the article linked that the purpose of his plugin is to strengthen encryption. He even agrees with me that fundamentally 2-factor is about auth, not encryption. Second, without the plugin you have to BF (MasterPassword) + (a much weaker key). It does not appreciably help against keyloggers, since anyone with keylogger rights will just grab the secret out of RAM. – Pringle Jan 26 '17 at 02:24
  • @Pringle I never said that 2-factor is not about auth; quite the opposite is true. Read my comment again. The goal of this plugin is not to add strength to the key (you still need a strong master pw, and you're right about the weak key used by the plugin (still, "weak" is not as weak as most users' pws I've seen)) but to make it impossible for a keylogger to just log your input. So even if someone logs your pass they'll still have to BF the plugin's key-part, which at least adds some protection against that attack. And "grab the pw out of RAM" won't work. KeePass takes care of that. – omni Jan 26 '17 at 18:18
  • @Pringle btw, reading your edit I noticed that you're talking about the OtpKeyProv plug-in while I'm referencing the KeeChallenge plug-in. Doesn't change anything about the discussion though: I still say that the way both add a second key-part that cannot easily be logged by keyloggers adds security to the database. And while the second key might be weaker than your master pw, it can't be just "skipped" as your post says. An attacker would still have to BF that part. – omni Jan 26 '17 at 18:25
  • @Pringle while generally true, the approach of these plugins doesn't use TOTP, which changes over time, but HOTP (which uses a counter) or challenge-response hashing (which obviously uses a challenge). Sure, they misuse them big time for adding strength to the encryption, but the idea behind it is pretty solid, except that the secret needs to be stored for the re-encryption with the new counter or challenge. – My1 Oct 29 '17 at 17:47
  • @Pringle also, whether the key provided by the Yubi is "much weaker" depends a LOT on how many OTPs you use or whether you just go straight for challenge/response, as noted in my answer. On top of that, as far as I can grasp how Windows separates applications, not every keylogger can read KeePass's DB in RAM; it would need admin permissions, similar to other applications that play around in RAM like CheatEngine, while applications that run on your key inputs like AutoHotkey can run as the normal user unless they want to track an application that is in admin state. – My1 Aug 02 '18 at 09:24