undefined | Better HN

0 pointsgruez4y ago0 comments

>You may want to enroll multiple and keep them in other places too, but you can't enroll a key you don't have so things like a safe deposit box are not useful for the average case.

That seems like a usability nightmare. Are there plans to improve this? Hardware wallets for cryptocurrencies seem to have it solved. You can keep multiple copies of the keys around (ie. multisig wallets) for maximum security, or you can write down the private key of the device you have and store it somewhere safe. In either case you can retain the public keys so you don't need access to the device if you want to send funds to them (or in the case of authentication tokens, enroll them).

0 comments

vorpalhex4y ago

Because each hardware key is unique, this is not a feature currently available nor likely to become available. Each token from the yubikey is not (readily) linkable to the key itself since the underlying secret is opaque and can't be exported, so tricks like Shamir's aren't readily possible.

Yubikeys do solve a lot of use cases very well but that is a downside to them. That is probably still a good tradeoff for most consumers.

gruezOP4y ago

>Because each hardware key is unique, this is not a feature currently available nor likely to become available.

You don't necessarily have to do it crypto wallet style and have the private key be exportable. Just adding a public key export (on the security token side) and a way to enroll a token by its public key (on the browser/website side) would allow you to enable 2fa without having to make a trip to the safe deposit box (either to store your backup codes, or to fetch your backup token for enrollment).

>Each token from the yubikey is not (readily) linkable to the key itself since the underlying secret is opaque and can't be exported

That's not an issue. You can derive more ECDSA public keys from a single master ECDSA public key[1]. The corresponding private keys can only be derived using the corresponding master ECDSA private key, and the generated public keys can't be linked back to the master ECDCSA public key. Bitcoin hierarchical deterministic uses this property to generate wallets that don't need regular backup (all your addresses are derived from one key) and apple's find my network uses something similar.

[1] exact mechanism is described here: https://bitcointalk.org/index.php?topic=19137.msg239768#msg2... starting at "Type-2 is a bit less obvious [...]"

tialaramex4y ago

For FIDO (and thus WebAuthn, and thus to make this actually practical beyond a toy that only works for some particular Yubico product) the keys are random per enrollment. This is intentional because it means that you can't be tracked, since "your" key on Facebook and "your" key on GitHub are no more related to each other than "my" key on Facebook is to "your" key on GitHub.

Google have apparently some plans to address this problem in the medium term. Adam Langley has written vaguely on this subject before. In the short term, their priority is the trick he wrote about most recently - if your Android phone is enrolled as a Security Key with Google, and it's signed in to Google because it's an Android phone, and you use Chrome on a desktop, which is also signed into Google, the Chrome can use Bluetooth to determine if the phone is physically nearby and if so propose to authenticate your desktop Chrome to a remote web site using the Android phone. Elegant, albeit not suitable for those who fear lock-in.

1 more reply

vorpalhex4y ago

It looks like Yubikey supports ECDSA keys as of 5.2.3 (Yubikey 5+ devices) and will export the public keys and allows private key signing so this should be possible. It will be an irregular yubikey flow code wise but user wise will appear normal.

j / k navigate · click thread line to collapse

0 comments

vorpalhex4y ago

Yubikeys do solve a lot of use cases very well but that is a downside to them. That is probably still a good tradeoff for most consumers.

gruezOP4y ago

>Because each hardware key is unique, this is not a feature currently available nor likely to become available.

>Each token from the yubikey is not (readily) linkable to the key itself since the underlying secret is opaque and can't be exported

[1] exact mechanism is described here: https://bitcointalk.org/index.php?topic=19137.msg239768#msg2... starting at "Type-2 is a bit less obvious [...]"

tialaramex4y ago

1 more reply

vorpalhex4y ago

j / k navigate · click thread line to collapse