11

I've been doing some reading about YubiKey (for example What is a Yubi key and how does it work?) and found the information to be incomplete. It's my understanding that when the user is prompted to enter a password, all they have to do is plug the YubiKey into a USB port and press its button, and then it automatically types out a password into the active text field.

Point 1)
According to Linux Journal

Each time you press the button on the device, it generates a one-time password and sends it to the host machine as if you had entered it on a keyboard.

So if it's a different password each time what good does that do?

Point 2)
Is it any more secure than using any USB key with a key file on it?

Point 3)
From Yubico it's not possible to backup the device so if you lose it or break it you're in trouble (in this sense a regular key file is much better).

Point 4)
I've read that it's not susceptible to malware copying the key, but I don't believe this. If it acts like a keyboard, what's stopping a keylogger from intercepting the keystrokes?

Point 5)
Yubikey is open source. Does it matter since it's primarily a hardware device?

Point 6)
If it does just enter a password, how is this different than just having another password written down or memorized?

Celeritas

2 Answers

12

A bit of background as to what Yubikey is first: Yubikey is a variation on a common type of device known as a One Time Password generator, basically a mini-computer that generates an essentially unlimited stream of passwords, usually one per minute, from a deterministic algorithm embedded in the device. The trick is that the next password is predictable if you know a secret "seed" value and unguessable if you don't know it.

This way an authentication computer that knows the secret seed can confirm you have the Yubikey physically on hand because only the Yubikey and the authentication server[1] can generate the once-off password required at a specific minute in time.

So:

  • Point one. As long as the authentication server knows what password the Yubikey should be generating, then having a different password every time makes it impossible for someone to spy over your shoulder and steal your password - as each password becomes useless a minute later. Essentially the key is something you have rather than something you know[2].
  • Point two. For authentication - yes. For the reasons described above. For encryption - no. As you actually want to remember and reuse the key you encrypted the file with. In theory a 32GB USB key filled with truly random data could qualify as an all-purpose entropy source for authentication and encryption, but USBs are normally not that difficult to duplicate or manipulate.
  • Point 3. In theory if you know the secret key, you can duplicate the YubiKey, but once a YubiKey is configured the idea is that you can't duplicate it, as it must be something that only an authorised person possesses. Of course, since Yubikeys are intended for authentication instead of encryption, new ones (with new seeds) can be reissued for a user who has lost their old one.
  • Point 4. As per the overview, capturing the passwords is pointless as the maths behind the internal pseudorandom number generator makes predicting future passwords extremely difficult - as in governments give you millions of dollars if you succeed, difficult.
  • Point 5. You want it to be open source. Most common cryptographic flaws are not in the mathematical algorithms but the overall implementation. You want to know that any security expert on the planet can pull up a copy of the system and examine it for flaws as need be.
  • Point 6. As per earlier discussion.

1. Depending on configuration, as there are many other ways to use the Yubikey design.
2. Although I believe YubiKey is an open standard, so you could memorise the secret seed yourself if you really wanted to for some reason.

LateralFractal
  • What does "server" mean? So Yubikey and the password manager (e.g. KeePass, LastPass) both know the secret seed and the algorithm (which is open source so is public knowledge) and using the seed and the current time both calculate a deterministic output. Is my understanding correct? If an attacker gained knowledge of the seed, then they would be able to create the password for any time, and yubikey would be defeated? What prevents that from happening? – Celeritas Oct 14 '14 at 06:19
  • @Celeritas Yes, the secret seed must be kept secret. [one of the reasons](http://www.computerworld.com/article/2508789/security0/cyberattacks-fuel-concerns-about-rsa-securid-breach.html) why RSA tokens are no longer as popular as open solutions. Without very specialist tools and expertise, extracting data from hardened EEPROM is impractical. An overview for Yubikey security can be [read here](http://www.yubico.com/wp-content/uploads/2012/10/Security-Evaluation-v2.0.1.pdf#page=15). – LateralFractal Oct 14 '14 at 06:31
  • You say the password changes every minute. Are you using it as an example or is it actually one minute? – Celeritas Oct 14 '14 at 06:34
  • Most OTP generators generate one every minute as a minute is a handy human division of time. However, in theory the generation could be much faster or slower; after all it is just a PRNG logical bitstream. – LateralFractal Oct 14 '14 at 06:36
  • @Celeritas The seed could be thought of as the true password, and you're authenticating with a derivation of that password that uses time as an input. So yeah, that's why the seed is important to keep secret. – Andrew Hoffman Oct 14 '14 at 13:32
  • At this point, is it any better than an authenticator app, such as Google Authenticator? – Celeritas Jan 07 '17 at 09:33
  • @Celeritas Depends on your security needs. It's pretty easy to clone the content of a software-only OTP generator like Google Authenticator (on an Android phone at least). Occasionally this can be handy to avoid the risk of losing your primary phone; but it does break a purist definition of two-factor authentication. – LateralFractal Jan 09 '17 at 02:14
2

This works similarly to any symmetric key one-time password (OTP) technology.

Point 1 - This is not meant to replace your password but instead be a second factor of authentication. Without possession of the Yubikey you are unable to generate the code necessary to authenticate to a system.

Point 2 - Well, it generates one time passwords so it is more secure than a cert file which can be copied and later used somewhere else.

Point 3 - True, but sometimes failing closed is preferred. It just depends on what you hope this system will provide for you.

Point 4 - It can intercept the keystrokes, but they would be good for only one use. I am not sure if a compromise of the system could derive all the secret data from the Yubikey, though. Can you provide a little more detail on what you read about this? I noticed on their site they mention that it's not a way to get infected, because you can't write files to it like a USB drive.

Point 5 - Not really, except then you can be reasonably sure there isn't some kind of backdoor in it. Oftentimes these types of tools have a master key or something similar which obviously is not something you want as an end user.

theterribletrivium
  • It seems all of your points rely on the fact that is still unclear to me, how can it possibly work if each time it generates a new password? It's not like every program that needs a password is specially designed to handle the case of a Yubikey. – Celeritas Oct 14 '14 at 01:10
  • @Celeritas yubikey is not a password manager; while you can use it with a password manager like lastpass, it does not store your passwords or fill them in for you. Its sole purpose is to provide a second source of authentication, similar to how Gmail can text a code to your phone that you have to enter in addition to your password. Yubikey simply replaces the phone in this process. The application must also be written to support yubikey. – tlng05 Oct 14 '14 at 01:54
  • It's because the passwords are generated based on factors including a shared secret key both the Yubikey and the server have on it. The article you linked has more details about those steps. All of the other values are able to be determined on either end such as sequence number, timestamp, etc. Using the secret key a password is generated. RSA keys use a similar mechanism. The only real difference here is the Yubikey has a much larger number of combinations than RSA's 6 integers. – theterribletrivium Oct 14 '14 at 05:01
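The shared-seed OTP mechanism both answers describe, as an added example that is not from either answer or from Yubico: device and server each derive the code from the secret seed plus a moving factor (the current minute, as in the first answer; a counter or sequence number, as in the comment above, plugs into the same function), and the server refuses replays and stale codes. The HMAC-SHA1 truncation follows RFC 4226 as a generic OTP construction and is an assumption here, not YubiKey's own format; the seed and timestamp are constructed.

```python
import hashlib
import hmac
import struct

# Added example, not YubiKey's own format: an HMAC-based OTP (RFC 4226 style).
# Only a party holding the seed can produce or check a code; the moving factor
# (minute or counter) is public and merely makes each code single-use.

def otp_code(seed: bytes, moving_factor: int, digits: int = 6) -> str:
    """Derive a short code from seed + moving factor via HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", moving_factor), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)

def time_step(unix_time: float, step_seconds: int = 60) -> int:
    """Which minute (or other step) we are in; the only non-secret input."""
    return int(unix_time // step_seconds)

class Verifier:
    """Server side: holds the same seed, tolerates +-window steps of clock skew,
    and never accepts a step it has already accepted (replay guard)."""
    def __init__(self, seed: bytes, step_seconds: int = 60, window: int = 1):
        self.seed, self.step_seconds, self.window = seed, step_seconds, window
        self.last_step_used = -1

    def verify(self, code: str, now: float) -> bool:
        current = time_step(now, self.step_seconds)
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_step_used:
                continue  # already consumed: a keylogged code is worthless here
            if hmac.compare_digest(otp_code(self.seed, step), code):
                self.last_step_used = step
                return True
        return False

def demo() -> dict:
    seed = b"constructed-demo-seed-not-a-real-key"  # shared by device and server only
    now = 1_413_264_000.0  # constructed timestamp (Oct 2014)
    server = Verifier(seed)
    code = otp_code(seed, time_step(now))  # what the button press "types"
    return {
        "first_use": server.verify(code, now),                # genuine login succeeds
        "replay": server.verify(code, now + 5),               # same code again: refused
        "stale": Verifier(seed).verify(code, now + 600),      # ten minutes later: out of window
        "forged": Verifier(seed).verify(                      # no seed, no valid code
            otp_code(b"attacker-guess", time_step(now)), now),
    }
```

The verifier checks a small window of steps rather than one exact minute so that modest clock drift between device and server does not lock the user out.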