
I've been messing around with my Google Titan Key and learned that each authentication challenge returns a counter for how many times the key has been accessed.

The only way I can think that this works is that there's some storage on the device. That would mean that there's a limit for the number of applications that can register with the device.

How many applications can I register with my Google Titan Key, and what can I expect to happen when I go to register one too many?

Corey Ogburn
  • The U2F spec allows the counter to be either specific to a registration or global across all registrations. I don't currently have a Titan key, so I couldn't tell you which it is. – AndrolGenhald Oct 12 '18 at 17:36
  • It's specific to a registration on my device. When I specify a new appID and challenge, I get a fresh value for the counter. Switching back to previous app/challenge pairs gets me the original counter for that pair (+1 of course). – Corey Ogburn Oct 12 '18 at 17:37
  • @dandavis Yes, I wrote my own Go code. Well, I used a library or two but it's definitely direct device interaction without any network calls: https://github.com/developanunderstanding/u2f – Corey Ogburn Oct 12 '18 at 19:13
  • @dandavis The spec requires counter(s) to be stored locally as a way to detect cloning (not a big issue for a good hardware token, but software tokens were a consideration). Given that Google was involved in creating the spec I'd be surprised if their own device was non-compliant. I just went back and looked and the spec also allows "buckets" of counters, so registrations could share a counter if they end up in the same bucket. I don't think you'll get a definitive answer without hearing from Google, breaking it with too many registrations, or finding two registrations that share a counter. – AndrolGenhald Oct 12 '18 at 19:23
  • Fair enough, thanks for that. This is a good question then, though I suppose with the cost of flash these days, the answer is approx "a ton"... – dandavis Oct 12 '18 at 19:26
  • @AndrolGenhald So when a server receives an Authentication response with a counter, it just needs to verify that the received value is greater than the previous counter? It's not guaranteed that the counter is exactly +1 what it was last time? I didn't realize the counters might be shared. That opens it up to virtually infinite registrations if I understand the rest properly. – Corey Ogburn Oct 12 '18 at 19:26
  • @dandavis Oh I'm sure the number of registrations is "a ton." 4MB would be a million registrations if there was 1x 4 byte counter per registration. I was worried that somebody could "fill up" my key by brute forcing random appIDs and challenges. I can't imagine it'd fill up under normal usage. – Corey Ogburn Oct 12 '18 at 19:30
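The server-side counter check discussed in the comments above, as an added example in Go that is not taken from the question's linked library: it reads the counter out of a raw U2F authentication response (1 byte user-presence flags, 4 byte big-endian counter, then the signature) and rejects any counter that is not strictly greater than the last stored value, which is how a relying party detects a replayed or cloned token. The key handle string, the in-memory store and the sample responses are constructed assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrCounterNotIncreasing: the counter must strictly exceed the last stored
// value for this key, otherwise the response is a replay or from a clone.
var ErrCounterNotIncreasing = errors.New("u2f: counter did not increase (possible clone or replay)")

// ParseCounter reads the 32-bit big-endian counter from a raw U2F authentication
// response: 1 byte user-presence flags, 4 byte counter, then the signature
// (verified separately, not handled here).
func ParseCounter(resp []byte) (uint32, error) {
	if len(resp) < 5 {
		return 0, errors.New("u2f: response too short")
	}
	if resp[0]&0x01 == 0 {
		return 0, errors.New("u2f: user presence not asserted")
	}
	return binary.BigEndian.Uint32(resp[1:5]), nil
}

// CounterStore keeps the last seen counter per key handle; an in-memory stand-in
// (assumption) for the server's per-registration database row.
type CounterStore struct{ last map[string]uint32 }

func NewCounterStore() *CounterStore { return &CounterStore{last: map[string]uint32{}} }

// Check applies the rule from the comments: the new counter must be strictly
// greater than the stored one, but not necessarily +1, because the spec lets
// registrations share a counter (global or bucketed), so gaps are normal.
func (s *CounterStore) Check(keyHandle string, counter uint32) error {
	if prev, ok := s.last[keyHandle]; ok && counter <= prev {
		return ErrCounterNotIncreasing
	}
	s.last[keyHandle] = counter
	return nil
}

func main() {
	store := NewCounterStore()
	// Constructed responses (not from a real key): counters 7, 9, then 9 again (a replay).
	for _, resp := range [][]byte{{1, 0, 0, 0, 7, 0xAA}, {1, 0, 0, 0, 9, 0xAA}, {1, 0, 0, 0, 9, 0xAA}} {
		c, err := ParseCounter(resp)
		if err == nil {
			err = store.Check("kh-1", c)
		}
		fmt.Println(c, err)
	}
}
```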
