4

I've just picked up a YubiKey.

However, the demo Yubico redirect you to is served over plain HTTP, over which each OTP you generate during the demo is POSTed, enabling you to verify that your key is working properly. The first group of characters of each OTP is a static public identifier of the key.

As services such as LastPass use the static identifier in order to encrypt your password vault for offline use, is it a good choice for LastPass to use the public identifier since Yubico treat this as public knowledge?

SilverlightFox
  • Even worse: if you use Yubico OpenID, the public identity is even part of the public URL! https://openid.yubico.com/server.php/idpage?user=vvaaaaabbb... – Josef Jul 29 '15 at 19:02

3 Answers

3

No, this is insecure as the public identity is not considered a secret. This is backed up by the fact Yubico send the identifier over HTTP. If this is known to be used for a LastPass account, a MITM could capture the extra offline encryption key as used by LastPass.

Although there is a chance that it has been leaked over the internet, as the master password is also required to unlock the local password vault, the risk is low.

The YubiKey Personalization Tool can be used to configure a new public identity in the case that it has been leaked.

SilverlightFox
1

The YubiKey's public identifier is just one part. The key is generated also via the hash of your master password (plus email) all combined. Even if the YubiKey's public identifier (and your email) is known to the attacker, so what? The password is still secret. That's the most important part.

Adding the public identifier to the hashing doesn't weaken the LastPass security.

user12480
  • It does weaken the "offline two factor" authentication feature though if the second factor is known - only the password now is needed. – SilverlightFox Nov 18 '15 at 23:06
  • There is no such thing as "offline two factor authentication" as AES keys are static. Where do you see LastPass promoting this as a "feature"? – user12480 Nov 19 '15 at 00:40
  • See the section here - [Enabling YubiKey with LastPass](http://bit.ly/1MDrLEr). `Permit Offline Access: Controls whether access to your vault will be allowed when you are not connected to the Internet. Allowing offline access to your vault is slightly less secure since YubiKey OTPs can not be validated, and only the static portion of the key is validated.` No, not true 2FA by any means, however it is still a feature and an extra (albeit thin) layer of security because if your password is known and access is gained to your device, the YubiKey is still needed (or the public identifier of it). – SilverlightFox Nov 19 '15 at 09:48
  • The quote you posted isn't saying static portion of YubiKey adds 2FA. That quote also applies to something like Google Authenticator. – user12480 Nov 19 '15 at 10:09
  • Check out the video at [this point](https://youtu.be/tYF3YZsEOG8?t=1m54s). As I said it is _not true_ 2FA by any means, but if your password and device are compromised it adds protection to the offline vault. Google Authenticator cannot be used offline at all - with LastPass and GA offline access is either available or not depending on the option set per account. With the YubiKey there is some middle ground, providing the static portion has never been leaked. – SilverlightFox Nov 21 '15 at 13:12
0

For best 2FA procedure in this context, the important part here is to keep the "Permit Offline Access" option DISABLED. With this option disabled, LastPass will not send you the vault containing the encrypted passwords (or perhaps not send you the key to decrypt - I forget which) unless the YubiOTP is validated against Yubico's servers as a fresh/previously unused OTP.

If you enable this option, then you're only using the static prefix portion of the YubiOTP as a second unchanging password, which is a poor second factor at best.

https://www.youtube.com/watch?time_continue=181&v=tYF3YZsEOG8

bhoar
  • Yes, they don't send you the vault. Note that the static identifier is only used to access the offline version. For the retrieval of the most fresh copy, you need the dynamic code. So if your device was compromised and you think your password and YubiKey public identifier are known, then changed passwords in your vault are safe if they were never synced to your compromised device. – SilverlightFox Nov 19 '15 at 20:23
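
The static-prefix point made in the question and in the last answer, as an added example that is not part of any post above and is not LastPass or Yubico code. It splits a Yubico OTP into its public identifier and its dynamic part (the last 32 modhex characters), then shows that a key derived from only the prefix is the same for every OTP. The `offline_key` derivation is a hypothetical model, not LastPass's actual scheme, and the sample OTPs are constructed.

```python
import hashlib

MODHEX = "cbdefghijklnrtuv"   # Yubico's modhex alphabet, maps to hex digits 0-f
DYNAMIC_LEN = 32              # last 32 modhex chars = 16 encrypted bytes


def split_otp(otp: str) -> tuple[str, str]:
    """Return (public_id, dynamic_part) of a Yubico OTP string."""
    otp = otp.strip().lower()
    # The public ID may be 0-16 bytes, i.e. 0-32 modhex characters.
    if not DYNAMIC_LEN <= len(otp) <= DYNAMIC_LEN + 32:
        raise ValueError("unexpected OTP length")
    if any(ch not in MODHEX for ch in otp):
        raise ValueError("non-modhex character in OTP")
    return otp[:-DYNAMIC_LEN], otp[-DYNAMIC_LEN:]


def modhex_to_bytes(s: str) -> bytes:
    """Decode modhex to raw bytes (two modhex characters per byte)."""
    hexdigits = "0123456789abcdef"
    return bytes.fromhex("".join(hexdigits[MODHEX.index(c)] for c in s))


def offline_key(password: str, email: str, otp: str) -> bytes:
    """Hypothetical offline vault key: only the OTP's static prefix is used."""
    public_id, _dynamic = split_otp(otp)   # dynamic part cannot be checked offline
    salt = (email + public_id).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed sample OTPs: same 12-character public ID, different dynamic parts.
OTP_A = "vvccccccbdef" + "cbdefghijklnrtuvcbdefghijklnrtuv"
OTP_B = "vvccccccbdef" + "vutrnlkjihgfedbcvutrnlkjihgfedbc"

if __name__ == "__main__":
    for otp in (OTP_A, OTP_B):
        pid, dyn = split_otp(otp)
        print(pid, modhex_to_bytes(pid).hex(), dyn)
    key_a = offline_key("pw", "a@example.com", OTP_A)
    key_b = offline_key("pw", "a@example.com", OTP_B)
    print("offline key identical for both OTPs:", key_a == key_b)
```

Because the derived key never changes between OTPs, the prefix behaves like a second fixed password, which is why it should be treated as sensitive if offline access is enabled.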