
I like LastPass but having to have it as a browser plugin means an attacker could steal all my passwords at once. It makes a lot of sense to use a hardware device to store my passwords, like yubikey does. But then losing it would be a problem.

The best way would be to use yubikey to deterministically generate a password for each site given the site's URL, my username and some nonce so I can change passwords for a specific site if I have to.

I know that yubikey has some sort of challenge response but it cannot be backed up like an OpenPGP curve.

I'd like to know if there are solutions to this problem that do what I said but using RSA with yubikey/others, and what the possible flaws are. For example, my password on each site would be something like this:

hash(rsa_signature(url, username, nonce))[0,n]

that is, my password would be the first n characters of the hash of the signature of the url, username and nonce concatenated together. The hash would be good to anonymize me so my signature can't be tested against my public key. Such a service would only have to keep track of nonce and n for each url and username.

I've read some posts about this, so please don't mark as duplicate:

Is this idea for a password manager secure? If so, why doesn't anybody use it? - not for hardware devices, so keylogging is an issue. Not in my scheme.

Password Managers: encrypted database vs hashing strategy - no mention about nonce

PPP

1 Answer

The first problem is that if you lose the device with the nonce, you can't recover anyway. There is no point in having it be deterministic if you add a non-deterministic nonce.

The second problem is that they can log in to the site by capturing the password anyway. Just a slight modification to the keylogger. It is always the same. That is why challenge response is being used.

IMHO the best solution would be to use challenge response and add two yubikeys or other tokens, one for normal use and one as a backup in case the primary one is lost.

Peter Harmann
  • I think I didn't understand challenge response then. How is it different from what I said? Also the nonce was meant to be backed up, of course. – PPP Apr 21 '18 at 21:35
  • @Lucas Zenella challenge response can work in many ways but the simplest is something like: server sends random string and sequence number (it increases it). User does "Login" + username + URL + time + what server sent and signs it using its private key. The server verifies. It can never be used again as all the stuff server sent will never repeat. So if the attacker captures it, there is no problem. – Peter Harmann Apr 22 '18 at 01:23
  • Yes, that's truly better, but I'd have to wait for every site to support it, which will never happen – PPP Apr 22 '18 at 02:15
  • @LucasZanella Unfortunately yes, but the most important sites usually support it and I think it is acceptable to use password manager (+ 2FA) for the rest. You don't really need hardware token for forums and stuff like that. – Peter Harmann Apr 22 '18 at 11:57
  • @LucasZanella Another option is OAuth, if you trust one of the large companies that provide it. OAuth support is much more widespread. – Peter Harmann Apr 22 '18 at 11:57
  • Which type of 2FA? I like the most common one like the one used by Google Authenticator because I can back up the QR code. The solutions provided by yubikey can't be backed up. – PPP Apr 22 '18 at 14:25
  • @LucasZanella You should really backup the backup codes, not the QR code. If your backup codes are stolen, you can tell when they are used. You can't easily tell if your QR code was stolen. Also, I don't know whether there is something like backup codes for U2F (yubikey) but if there is, that would be preferable, as the TOTP code may be extracted from your phone by malware or other means (unlikely but possible) and your phone is easier to get and abuse than a HW token. – Peter Harmann Apr 22 '18 at 15:29
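The challenge-response exchange Peter Harmann sketches in the comments, written out with both sides as an added example (not code from the answer or from any YubiKey/U2F library): the server issues a random string plus an increasing sequence number, the token signs "Login" + username + URL + time + the server's challenge, and the server verifies and then discards that challenge so the same response can never be accepted twice. A keyed HMAC with a constructed shared secret stands in for the private-key signature and public-key verification; the `Server`, `Token` and `USER_KEYS` names are assumptions of this example. The one-time consumption of the challenge is what makes a captured response useless, which is the difference from the static derived password in the question.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for key material. In the real protocol the token holds
# a private key and the server stores only the matching public key.
USER_KEYS = {"alice": b"constructed-alice-token-secret"}


def canonical(username: str, url: str, ts: float, seq: int, challenge: str) -> bytes:
    """The message the comment describes: Login + username + URL + time + what the server sent."""
    return "|".join(["Login", username, url, str(int(ts)), str(seq), challenge]).encode()


def sign(key: bytes, message: bytes) -> str:
    # Stand-in for the token's signature (HMAC, not RSA/ECDSA).
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, url: str, max_skew_seconds: int = 60):
        self.url = url
        self.seq = 0                 # increasing sequence number
        self.pending = {}            # seq -> challenge, consumed on first use
        self.max_skew = max_skew_seconds

    def issue_challenge(self):
        self.seq += 1
        challenge = secrets.token_hex(16)   # random string, never repeats
        self.pending[self.seq] = challenge
        return self.seq, challenge

    def verify(self, username: str, seq: int, ts: float, response: str, now=None) -> bool:
        now = time.time() if now is None else now
        challenge = self.pending.pop(seq, None)   # removed here: a second submission finds nothing
        if challenge is None:
            return False
        if abs(now - ts) > self.max_skew:          # bound how long a response stays valid
            return False
        key = USER_KEYS.get(username)
        if key is None:
            return False
        expected = sign(key, canonical(username, self.url, ts, seq, challenge))
        return hmac.compare_digest(expected, response)


class Token:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, username: str, url: str, seq: int, challenge: str, ts: float) -> str:
        return sign(self.key, canonical(username, url, ts, seq, challenge))


def run_login(server: Server, token: Token, username: str, ts: float):
    """Returns (accepted on first use, accepted when the same response is submitted again)."""
    seq, challenge = server.issue_challenge()
    response = token.respond(username, server.url, seq, challenge, ts)
    first = server.verify(username, seq, ts, response, now=ts)
    again = server.verify(username, seq, ts, response, now=ts)
    return first, again


if __name__ == "__main__":
    srv = Server("https://example.com")
    tok = Token(USER_KEYS["alice"])
    print(run_login(srv, tok, "alice", time.time()))   # (True, False)
```

The timestamp is passed in explicitly so the exchange is reproducible; a real server would also bind the challenge to the session that requested it and expire unused challenges from `pending`.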