11

From what I understand, a YubiKey stores a secret key which can be used to generate passwords to enter a server.

How does a YubiKey protect it's secret key?

If it is plugged into an infected computer, wouldn't the secret key be compromised?

Also, is it possible for a computer virus to "infect" a YubiKey?

Pacerier
  • 3,253
  • 6
  • 34
  • 61

2 Answers2

7

If it is plugged into an infected computer, wouldn't the secret key be compromised?

The yubikey stores the key on its internal storage media -- the exact mechanism varies depending on the type of key. When yubikey is plugged into a computer, it is recognized as a USB keyboard. Pressing the sole button on the yubikey will send a string of characters containing your one-time password, just as if they were typed via a USB keyboard. The manufacturer assures that the secret key used to generate one-time passwords can never be read off of the device, regardless of the software installed on the computer it's plugged into.

Also, is it possible for a computer virus to "infect" a YubiKey?

Everything is possible, but would be very hard considering the limited functionality of a yubikey.

mricon
  • 6,238
  • 22
  • 27
  • How does it actually assure that the secret key cannot be read off the device? Couldn't a smart rootkit on the computer be able to rewrite the YubiKey software and/or retrieve the secret key? – Pacerier Nov 12 '13 at 17:56
  • 2
    USB interface is limited to the API the device supports -- it's not an instant full-access backdoor to the device or anything like that. Supposedly, there is no mechanism in the yubikey's API to either rewrite the keys or retrieve the keys, so the manufacturer assures us that it's impossible. Whether you trust the manufacturer or not, I leave that up to you. – mricon Nov 12 '13 at 18:06
  • @mcricon. So simply put, we can plug our YubiKey into an infested computer and leave it "plugged in" for 24 hours a day without compromising the security of the secret key? – Pacerier Nov 13 '13 at 00:49
  • 2
    If you're looking for assurances, I can't offer them. :) However, that's how it's supposed to work, yes. – mricon Nov 13 '13 at 01:34
  • Yubi keys do have FIPS 140-2 if that's what you're looking for. It's not getting much better than that on the retail market :) – cptMikky Jun 14 '15 at 21:56
2

Currently, the YubiKey can be setup by the user during configuration so that it is write protected. This is so the device cannot be compromised by some sort of malicious script being loaded onto it, it's also to prevent the integrity of the key being compromised as well. Although, if someone has the physical device, then really there is no need to go any further in compromising the device - at least in the sense of the device's static authentication, since you have the device itself.

But, in short, the YubiKey has measures to prevent malicious code from being loaded back onto the device. But this has to be setup by the user during initial configuration of the keys that are stored on the device. If someone were to grab ahold of the YubiKey prior to the end-user setting it up, then in theory, yes it could be compromised.

Harlan
  • 21
  • 3