31

If I have a security key (U2F key) like yubikey and use it on websites A and B and the owner of these two websites is the same, can the website owner know that I am the same user?

cooker
  • 391
  • 3
  • 6

3 Answers3

43

The owner of the two sites may be able to track you from one site to the other using methods such as browser fingerprinting or other ways of tracking users as they surf from site to site; but they won't be able to track you from site to site by way of your Yubikey. Yubikey relies on FIDO2, and the developers of FIDO2 considered this problem. See https://fidoalliance.org/fido2/, and scroll down to where it reads:

Privacy

Because FIDO cryptographic keys are unique for each internet site, they cannot be used to track users across sites. Plus, biometric data, when used, never leaves the user’s device.

mti2935
  • 19,868
  • 2
  • 45
  • 64
  • 1
    Side note: If you're worried about being tracked between sites, I recommend getting [Ghostery](https://www.ghostery.com/) and/or [Privacy Badger](https://privacybadger.org/). They're not perfect, but they do a pretty good job. – BlueRaja - Danny Pflughoeft Nov 26 '21 at 21:23
  • There is one thing to be aware of: if the site is using attestation, the site will know the make and model of the key and potentially that it belongs to a certain batch of devices. This could be used to provide fingerprinting information, which is why most browsers warn if attestation is requested. – user71659 Nov 28 '21 at 04:45
  • 1
    Probably just the fact that YOU'RE ONE OF THE FEW PEOPLE USING A YUBIKEY combined with basic things like browser type, resolution and version numbers, is enough to ID you. – drxzcl Nov 28 '21 at 14:54
6

Yes, if they are "evil" enough.

There are a lot of ways to track you across websites even if you don't use an U2F key as @mti2935 mentions, but if they are especially interested in correlating the different keys on your hardware device (of even in correlating different hardware devices, if you them all plugged-in at the same time, and they don't require separate extra authentications on each access) they could use techniques to correlate them (eg. on site A, make an iframe with random token opening small/invisible part of site B having same token - your browser would authenticate on site A with key A, and on site B with key B, so they would that both key A and key B accessed URLs containing the same token, so are belonging to the same visitor)

Matija Nalis
  • 2,115
  • 12
  • 18
  • 11
    But even then they would be correlating the same browser session/cookies, not the same U2F keys. So I think answer by @mti2935 still stands. – eis Nov 26 '21 at 13:10
2

Good question.

It is common peculiarity in the security hardware (and software) that the keys it generates have some non-uniform distribution in the space of possible keys. This is usually acceptable, as long as the keys don't get too much predictable.

In some cases, the keys can be recognized as generated by a particular software or device. This is still acceptable, as long as the whole keyspace is not much reduced.

In some extreme cases, the key generation algorithm has some grave bug that makes it generate repeating keys (see e.g. here or here) because of insufficient entropy used.

Of course, the last case is pretty bad.

An algorithm that generates keys that are recognizable as generated by the same instance should be considered profoundly broken. It would boil down to keys being dependent on some initial seed of the random generator and a little entropy is added between key generations.

Yubikeys in particular have a mixed reputation. On one hand, their software is partly closed, on the other hand, they are pretty much popular and a lot of people search them for vulnerabilities.

I would be particularly concerned with this, meaning that the vendor is of particular interest of a powerful state-sponsored hacking groups. This may mean either that they are "good enough" against a state-backed hacking or that they are already compromised.

Your mileage may vary.

fraxinus
  • 3,425
  • 5
  • 20