I'm considering getting a YubiKey for personal use - SSH, GPG and 2FA.
Wondering how trustworthy it is. How do I know if there are no backdoors in the device itself?
Seems like these kind of security and privacy related tools can be of big interest to the big brother ๐ How should I approach it? Where should I start my research?
I appreciate strong personal opinions, but please backed them up with verifiable sources ๐
#encryption #privacy #yubico #yubikey #ssh #gpg #2fa #trust #backdoor
@lazurski
The whole verification process is based on a private key, whose copy is sealed inside every yubikey from a given manufacturing series. There's also a corresponding public key certificate issued by Yubico, and IIRC there's a public database of U2F manufacturers' public keys and relevant device metadata, eg. how tamper-proof it's supposed to be.
See: https://developers.yubico.com/U2F/Attestation_and_Metadata/
@lazurski
You can test the attestation by going to https://demo.yubico.com/u2f and logging in with yubikey's U2F.
Aside from U2F authentication status, it will also display U2F attestation status and metadata.
Thanks. That's certainly very good advice to test if the device is authentic.
Other than that, do I understand correctly that your position is: you just have to trust people of Yubico?
@lazurski yeah, same as you trust the CPU manufacturer.
I mean, you could order many yubikeys for you and your friends, pick one randomly, decap it, reverse engineer, and if you found a backdoor, you'd be on the first page of the news and Yubico would be in much trouble.
@Wolf480pl Yes, that's exactly what I am thinking about. How feasible is that and are there any independent / trustworthy people who do that?
@Wolf480pl Of course "trust" and "trustworthy" are very subjective matters. It's not black and white.
@lazurski well, personally I find Yubico more trustworthy than eg. Intel, because adding a backdoor would be a bigger risk for them than for Intel, and also because they're manufactured in Sweden (and USA, but I guess they don't ship from USA to Europe, that'd make no sense; anyway still better than China)
@Wolf480pl Sounds reasonable.
As far as I understand Intel is shipping back-doors and call them features: https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
@lazurski as far as I understand, Intel is shipping horribly insecure misfeatures.
I don't call them backdoors until there's a proof that they were added maliciously.
Also, I strongly believe in Intel's incompetence.
@Wolf480pl right. I stand corrected ๐
@lazurski IMO it's kinda subjective, how much stupidity and how much malice you assume in people.
@Wolf480pl One should never assume malice for what can be sufficiently explained by incompetence.
On the other hand, often in practice it is not that relevant.
So, do you personally use Yubikey? What's your experience?
@lazurski I use my Yubikey for U2F and PGP subkeys, including one that's used for SSH.
The SSH part is kinda annoying when used on the go, as I tend to ssh to many machines, not necessarily at the same time, so the yubikey would need to be plugged in all the time, which I don't feel comfortable with in a public place.
The U2F is really cool - it's the smoothest 2FA out there, and also most secure. And websites usually keep me logged in, so I can kide ubikey back into my pocket.
Do you back-up your keys? How do you deal with the possibility of loosing the Yubikey?
@lazurski The PGP and SSH keys were generated on one of my PCs, even before I had a yubikey. And they are backed up. If the SSH key wasn't backed up, it wouldn't be a problem, as I always have more than one key in .ssh/authorized_keys
For U2F, I have one-time recovery codes.
I try not to leave my yubikey unattended, and when I use it in a public setting, I pay close attention to it, and make sure it can't slip out of my hand.
@lazurski btw. there was a bug discovered a while ago where the secure chips in some yubikeys had broken hardware RNG. So IMO it's better to generate keys on a regular PC (up to date software, no resource constraints, lots of entropy) than on smartcards or their USB equivalents.
@lazurski
I was hesitant to set up any 2FA before I had my ubikey, as all of them would rely on my phone, which I consider less secure than my laptop. Also, IMO T/H-OTP sucks because the server needs to store the shared secret in plaintext (db breach anyone?), and SMS sucks because telcos are old and insecure AF.
@lazurski
uhh... I have no idea, I'd look through past Chaos Communication Congress talks, IIRC there were some people who did chip decapping, so maybe they have more information on that matter.
> same as you trust the CPU manufacturer.
Somewhat disturbing example ๐ I'm not sure I trust them.
@lazurski
>How do you know if there are no backdoors in the device itself?
You don't.
Unless you have an electron microscope, and want to decap the chip and figure out what it does by looking at the tiny pieces of wire all over a piece of silicon.
What you can sort-of verify is whether your Yubikey was indeed made by Yubico. You can use U2F attestation for that, and I think there was another method that used some python script and libusb.