http://err.no/personal/blog/ tfheen's blog tfheen@err.no tfheen@err.no en http://err.no/tfheen.jpg Image of Tollef Fog Heen http://err.no/personal/blog 66 100 http://err.no/personal/blog/tech/2010-03-16-08-41_Yubikey_a_small_explanation.html Tue, 16 Mar 2010 08:41 +0100 <p><a href="http://etbe.coker.com.au/2010/03/15/yubikey/">Russell Coker</a> recently reviewed the Yubikey. The article mentions me, so I figured I'd correct a minor thing and respond to one of the comments.</p> <p>First, the <code>yubikey-server-c</code> is my reimplementation of the Yubikey authentication protocol. Yubico provides two implementations, one in PHP and one in Java, neither which I'm particuarly interesting on building my system security on. Any bugs, misfeatures, etc in the C implementation are mine and mine alone.</p> <p>Barak A. Pearlmutter, one of the commenters on Russell's blog writes:</p> <p>i don’t understand. isn’t this thing vulnerable to eavesdropping and replaying? even if <em>it</em> has a counter which changes etc, the things it is talking to (web sites) can’t know that some generated string is being reused. and it doesn’t even have a clock, so these things can be old.</p> <p>The way the Yubikey works is you have a central authentication server. This has a secret shared with the key. Setting this secret is the primary function of the personalisation tool. When you press the button, the key takes its internal state (various counters, uid field, etc) and encrypts this using AES-128. This is then sent to the application you are trying to access, be it Wordpress, SSH or something else. Said application then contacts the authentication server which decrypts the ticket, checks the values of the counters to make sure it's not a replay and responds with OK, bad ticket, replay and various other status codes. Based on this, the application grants or denies access.</p> <p>There are really two places you could attack this: in the communication between the web browser and application or between application and authentication server. Both of those can be secured using SSL.</p> <p>There is no way to use a single yubikey in multiple authentication realms without extra software. To do this, you would have a OpenID provider that uses the Yubikey for authentication, or you could have a Kerberos server with cross-realm trust.</p> <p>As for the PAM modules and other tools so far not being packaged, yes, I know, I might fix it, but the current setup has the bits I use, as I use RADIUS authentication to get services to support both Yubikey and passwords.</p>