On Thu, 7 Oct 2010, Ricky Zhou wrote:
On 2010-10-07 07:25:47 PM, Mike McLean wrote:
> On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters <paul(a)xelerance.com> wrote:
> > I have one and I've played with it in fedora. There is however an
important
> > catch. The server and the yubikey share the same AES symmetric key. This means
> > that if the yubikey is used for multiple sites by one user, that user is
sharing
> > is his "private key" over various external sites.
> >
> > So if fedoraproject would accept it, and the same user uses this yubikey for
> > another site, and that other site gets hacked, then fedoraproject could be
> > hacked as well.
> >
> > I guess in a way it is like using the same password, but people might not be
> > thinking of that when they have a "device" on them that they use.
>
> Wow, that's a serious weakness. Are we sure about this?
In order for this to happen, the user would have to explicitly take down
the generated AES key while it is being written to the key and then
submit it to the other site. I don't think this is really something we
need to worry about.
I had this atack in mind when I designed the burn script. The key never
touches the drive during the burning process s othe attack window here,
while real, is very tiny. Certainly safer then typing your username and
password everywhere all the time :)
-Mike