[messaging] abusing u2f

Michael Rogers michael at briarproject.org
Thu Mar 24 03:58:26 PDT 2016


On 24/03/16 01:11, elijah wrote:
> One additional security consideration is that for usability, we would
> probably want the service provider to store the u2f key handle(s), so
> that a user can sit down at a new computer with their password knowledge
> and their previously registered u2f dongle and log in. If anyone with
> the service provider's db then gets the u2f dongle, we are back to just
> easy brute force attack against the password.

I'm probably missing something, but it seems to me that if you're using
the public key only as a (high entropy, easily disposed of) input to
local key derivation, an ordinary flash drive with some random data
would work just as well, with the same downsides that (a) anyone with
access to both the encrypted data and the dongle/drive can brute force
the password, and (b) malware on the device can record the public
key/random data for later reuse.

On the other hand, if you're using the dongle for that purpose and also
as a second factor for logging into the server, you're sending the
public key over the network so it's no longer secret - the server knows
it at least. So it seems to me (and again, I've probably totally
misunderstood what you're suggesting) that in this scenario you'd be
strictly better off using a separate flash drive with random data for
local key derivation, and saving the U2F dongle for logging into the server.

Cheers,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x9FC527CC.asc
Type: application/pgp-keys
Size: 4660 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160324/d3196d31/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160324/d3196d31/attachment.sig>


More information about the Messaging mailing list