18

I've been following the FIDO standard (a consumer-friendly public-key system similar to SSH key pairs) and it appears that it's close to being complete: both Google and PayPal have been testing it internally for some time, the just-announced Samsung S5 is compatible, and Yubikey has announced that the next version of their Neo product will be FIDO compliant.

I am looking to revamp my personal op-sec in the immediate future and I want to make sure the security token I buy will be backwards compatible with the FIDO standard. The xNT implant and the next version of the NFC ring will both be utilizing NXP's NTAG216 NFC chip, which has some secure storage capabilities. The xNT project lead stated over email that the xNT sticks to NFC standards so it should be compatible; however, Yubikey has stated that their current security tokens will not be forwards compatible with the standard.

Does anyone have any special insight as to what is required of the hardware to implement the FIDO U2F standard (why wouldn't the Yubikeys be backwards compatible, for example) and whether the xNT implant is future-proof? I don't understand why they couldn't encrypt the public/private keys for U2F and store the decryption key on the Yubikey.

Philipp
Indolering
  • Did you find anything on this? – Saqib Ali Jan 20 '15 at 06:11
  • @SaqibAli yes and no. Yubikey chose to deterministically generate the public/private keys, meaning that it can support an unlimited number of keys but older tokens won't work. In order to use the NFC ring or the implant, I'm guessing that you would have to build your own middleware layer. – Indolering Jan 30 '15 at 23:31

1 Answer

7

Per the Yubikey FAQ they state the following:

..."All YubiKey NEO devices manufactured as of February 10, 2015 supported the current FIDO U2F specification for NFC. To verify you have a YubiKey NEO that supports NFC, check to see your YubiKey is running firmware version 3.4.0 or later."...

Likewise, the YubiKey 4 (v4) and Neo (v3) are also listed as being FIDO certified U2F authenticators.

Based on the YubiKey FAQ it appears either a hardware or firmware change occurred in their product line near the February 10th, 2015 date and that may be the cause of conflicting information you are running into.

Trey Blalock
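The comment under the question says the YubiKey generates its U2F key pairs deterministically, which is how it supports an unlimited number of keys. The following is an added sketch, not part of the thread and not Yubico's firmware, of one way a token can do this while storing only a single secret; the class name, the `key`/`mac` labels and the HMAC-based derivation are assumptions, and the public-key computation and signing are omitted because they need an elliptic-curve library.

```python
import hashlib
import hmac
import os

# Order of the NIST P-256 group; a valid private scalar lies in [1, N-1].
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
NONCE_LEN = 32
MAC_LEN = 32


class StatelessToken:
    """Hypothetical token that holds one secret and no per-site keys."""

    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def _derive(self, app_hash: bytes, nonce: bytes) -> int:
        # Deterministic private scalar from (device secret, site, nonce).
        # Simple modular reduction; adequate for illustration only.
        d = hmac.new(self._secret, b"key" + app_hash + nonce, hashlib.sha256).digest()
        return int.from_bytes(d, "big") % (P256_N - 1) + 1

    def _tag(self, app_hash: bytes, nonce: bytes) -> bytes:
        # MAC that binds a key handle to this token and this site.
        return hmac.new(self._secret, b"mac" + app_hash + nonce, hashlib.sha256).digest()

    def register(self, app_id: str) -> bytes:
        """Return a key handle for the site to store; the token keeps nothing."""
        app_hash = hashlib.sha256(app_id.encode()).digest()
        nonce = os.urandom(NONCE_LEN)
        return nonce + self._tag(app_hash, nonce)

    def private_key_for(self, app_id: str, key_handle: bytes) -> int:
        """Re-derive the private scalar; reject handles from another site or token."""
        if len(key_handle) != NONCE_LEN + MAC_LEN:
            raise ValueError("malformed key handle")
        app_hash = hashlib.sha256(app_id.encode()).digest()
        nonce, tag = key_handle[:NONCE_LEN], key_handle[NONCE_LEN:]
        if not hmac.compare_digest(tag, self._tag(app_hash, nonce)):
            raise ValueError("key handle not valid for this token and app ID")
        return self._derive(app_hash, nonce)
```

Because the site hands the key handle back at each authentication, the token's storage does not grow with the number of registrations, and a handle presented by a different site or to a different token fails the MAC check before any key is derived.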