Google, along with the FIDO Alliance is set to launch a USB dongle which will be used to authenticate a user and grant access to a Google account.
Technology Review has this summary:
The small USB stick provides added protection for a Google account. Once a key is associated with your account, you’ll be prompted to insert the device into a computer each time you enter a password to log in - or, if you prefer, once a month on computers you use frequently. Touching a button on the security key triggers a cryptographic exchange with Google’s login systems that verifies the key’s identity.
A more verbose summary can be found directly on the FIDO website as well as CNN.
This key, which I found on Amazon for US $7-$18, seems to be a cheaper solution to the RSA cards and requires less typing.
What is old is new again. I wonder how hard it would be to clone one of these sticks from an infected public computer? And how it would fare going through the laundry?
(Score: 3, Informative) by Sir Garlon on Wednesday October 22 2014, @12:47PM
To answer the submitter's rhetorical question in TFS, flash drives in my limited experience are pretty hardy. I sent one through the laundry -- washer and dryer -- and it was fine. And then, umm, the same drive went through the same process again a few months later, and again, it was fine. After that I stopped putting flash drives in my pockets so I don't know how many wash cycles it takes to break once.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
(Score: 2, Funny) by Scruffy on Wednesday October 22 2014, @01:16PM
1087 is a lucky prime.
(Score: 3, Informative) by VLM on Wednesday October 22 2014, @01:30PM
From experience of several people you can't kill a fitbit (basically a flash drive data logger for exercise) by washing and drying it, but you can kill one by washing it and then not immediately running it thru a regular dry cycle. Something about corrosion or long term short circuit conditions on the battery.
My wife has killed cameras (plural) and one of the nicest things about removable flash media is its easy to destroy a camera but flash media is like an airliner black box, it seems almost impossible to destroy. Let me think... dropped off a mountain trail, dropped on concrete, a little accident with a campfire that got warmer than expected (softened plastic not incineration), immersed in water... all those dead cameras and no damage to the flash media. That stuff's tough.
(Score: 2) by c0lo on Wednesday October 22 2014, @01:32PM
Yeeaah... but... will it blend?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Immerman on Wednesday October 22 2014, @03:32PM
Absolutely - to those in the industry the process is known as "stochastic particle encryption", one of the most robust encryption techniques possible. Sadly it's *so* robust as to be essentially irreversible, and is thus suitable for only a relatively small percentage of use-cases.
(Score: 2) by c0lo on Wednesday October 22 2014, @08:41PM
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1) by Yates on Thursday October 23 2014, @04:37AM
(Score: 2) by Hairyfeet on Wednesday October 22 2014, @11:54PM
Well I can say they can survive being drug behind a boat as I had a customer come in in a panic as he went skiing all day and it turned out he had the only copies of his entire vacation on the thing. good thing he listened to me and got a locking key ring that hooked to his belt loop or it'd probably be at the bottom of the lake! Anyway I stuck it behind the towers so the hot air from the PCs gently blew it dry and at the end of the day plugged it in and...voila! Worked just fine.
Now if somebody can explain to me why we can make indestructible flash sticks but nobody has come up with an SSD controller that can't crap itself and lose all the data? I'd feel truly enlightened.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by hendrikboom on Wednesday October 22 2014, @12:54PM
If it's not possible to back it up, there has to be a way to reestablish your identity after the dongle is lost, broken, or stolen.
If there is such a procedure, then it's not secure, because an attacker could go through that procedure to impersonate you.
If it is possible to back it up, then an attacker could back up your dongle if he ever gained physical access to it.
(Score: 2) by Sir Garlon on Wednesday October 22 2014, @01:11PM
Yes, that is true. You would not want to rely on the dongle as the sole means of authentication. Fortunately, that is not the approach. The dongle is for two-factor authentication, so the attacker would need both a copy of the dongle and knowledge of your password.
It's not unachievable for an attacker to get both. It is, however, harder to compromise both the dongle and the password than either alone. So even though the dongle is not perfect, it's more secure than the password alone.
That said, security is not the only consideration. I have 158 passwords in my password manager. If each of them required a physical token, that would be an epic failure.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
(Score: 3, Informative) by VLM on Wednesday October 22 2014, @01:36PM
This isn't rocket surgery
https://www.google.com/intl/en/landing/2step/features.html [google.com]
look on second column second row
I have a printed out sheet of one time use security codes in my safe for my google account. It would be a PITA to use them, but this is very well covered territory.
I keep it in the same place as my first level backups and my passport and stuff like that.
(Score: 1) by drgibbon on Wednesday October 22 2014, @02:10PM
It is! [twentytwowords.com]
Certified Soylent Fresh!
(Score: 2) by FatPhil on Wednesday October 22 2014, @10:23PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by FatPhil on Wednesday October 22 2014, @10:42PM
If they've done the crypto correctly - impossible.
No amount of data from them will tell you anything about any future data that will come out of them.
All the security should be in an inaccessible key. And by inaccessible, I mean behind a fuse which will blow if the system detects any tampering. The owner of the key (fob) knows nothing about this key, he merely has physical posession of it. (Knowing something about it would mean that the security is no longer in what he has but what he knows). (It in turn may protect itself from use by a pin code, but that's a separate layer of security.)
A very simplified example of how it could work is that it ouputs Hash(Encrypt(key = [secret, coded specifically to that device], value=the time, to 30s granularity)).
The server knows which fob you have, and keeps a record of your time drift. It can therefore perform the same encryption as you.
If you lose or break a fob, you need to get a new one from the issuer, and the server needs to know about your new fob (which will invalidate accesses from the old fob). This will require the same level of authentification as when the card/key/fob was originally issued. Yes it's hassle, but that's the only way that the security can be maintained.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by drgibbon on Thursday October 23 2014, @05:37AM
Haha good clip. What's "oh please"?
Certified Soylent Fresh!
(Score: 2) by FatPhil on Thursday October 23 2014, @07:38AM
Just for reference, that is one of my all time favourite sketches of all time, it even ranks above almost everything from python, so I'm always looking for an excuse to play it and link to it. Before playing it, I just said to my g/f nothing more than "sorry", and she almost immediately knew what I was going to do, I hadn't even finished typing in my search query (fortunately "mitchell webb rocket surg" is enough for google to find it).
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by drgibbon on Thursday October 23 2014, @02:51PM
Ahh I get it. Always loved Peep Show, but haven't seen that much Mitchell & Webb, great sketch! I don't know who is uploading all these things, but it seems almost any clip I can think of has been cut and uploaded to the web somewhere, amazing.
Certified Soylent Fresh!
(Score: 2) by MozeeToby on Wednesday October 22 2014, @04:00PM
If there is such a procedure, then it's not secure, because an attacker could go through that procedure to impersonate you.
Who says that procedure is necessarily insecure? For instance, activating it could trigger a message delivered any number of ways; including but not limited to alternate emails, text messages, showing on the Google home page, robocalling home or work land lines, etc. A determined attacker might be able to hijack some of them, but I doubt they'd manage all at once. Getting notified that you are under attack is significantly better than having it happen silently.
(Score: 1) by moylan on Wednesday October 22 2014, @01:01PM
so will this allow you to use a handle or will it be real name bollix?
the name i use day to day is not on any government paper but it is still my 'real name'. different places use names differently.
http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/ [kalzumeus.com]
i use a google a lot less since they started shoving their fucked up 'real name' policy down users throats.
(Score: 3, Informative) by c0lo on Wednesday October 22 2014, @01:42PM
Just in case you are tempted to use more of their services, be aware Google reversed their position on "real name".
You haven't joined SN at the time [soylentnews.org]?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by jcross on Wednesday October 22 2014, @01:25PM
I doubt it's easy to clone from a USB host. My naive guess (not having read TFA or anything) is that this attaches as a USB keyboard and enters a rotating code into the same text input as your password, which is a fairly ingenious way to do multi-factor auth. If the crypto is any good, even harvesting a bunch of codes from an infected computer wouldn't make it easy to infer the private key on the device.
(Score: 2) by VLM on Wednesday October 22 2014, @01:43PM
It would be more fun from a single sign on position to subvert a single sign on host, and then use it to MITM attack a more interesting target.
So you think you're logging into web based, single sign on equipped "flappy bird" clone, but its been subverted to MITM log in as if its is your browser to your bank account or whatever.
This is the problem with SSO that I don't think anyone has solved yet in a convenient manner. There are all kinds of really inconvenient ways to do it involving the SSO provider texting not only a code but who is trying to use it, but this is super slow and clumsy and most idiots will ignore the "who" part all the time anyway.
(Score: 2) by egcagrac0 on Wednesday October 22 2014, @02:37PM
That's certainly how the higher end ones work, the OTP type keys.
U2F seems to rely on a keypair being stored by the browser for each target site. The key-dongle unlocks the private key, allowing the signing request that validates the session to continue.
Now, what little I know about keypairs, U2F isn't strong enough for me to endorse. If there's a second factor, it's got to be a rolling code (one time code), or out of band handshake. Anything less isn't workable for me or my users - it doesn't provide enough extra security (vs inconvenience) compared to regularly changed passwords.
(Score: 2) by jcross on Wednesday October 22 2014, @04:59PM
> U2F seems to rely on a keypair being stored by the browser for each target site.
Doesn't that imply some special features in the browser? Even though they control Chrome, I'd be thinking they'd want to do it in a browser-independent way so it's useful on say, shared computers, where users are the most vulnerable otherwise. Also it seems like this would mean the dongle is presenting as a storage device, which would make it really vulnerable to having its key copied and maybe cracked offline.
(Score: 2) by urza9814 on Thursday October 23 2014, @02:03PM
or keyboard...
You're assuming it gives access to the actual key, which would be terribly stupid design. There are plenty of dongles like this already. I use one for my VPN at work (see RSA SecureID) -- they don't reveal the key, they reveal a number generated using the key and the time. That code becomes useless to anyone within 60 seconds, and no matter how many codes you get, it's near impossible to use those to reverse-engineer the key.
Google isn't inventing anything new here; this has been a solved problem for many years. The interesting thing is that it connects via USB, but that could just mean it connects as a keyboard and types the code for you instead of displaying it.
(Score: 2) by jcross on Thursday October 23 2014, @04:52PM
Yes, that's exactly how I thought it should work, if you read my original post. I was responding to egcagrac0's comment, which seemed to imply that the browser would somehow actively read the key from the device. I was curious about how that would work.
(Score: 2) by egcagrac0 on Thursday October 23 2014, @09:36PM
It surely does. However, if you want the FIDO U2F seal of approval, that's what you do.
Like I said, I don't think I like it. The Yubikey NEO [yubico.com] or RSA SecurID 800 [emc.com] would be better fits for any application I care about.
I really think that the world deserves a better simple explanation than "you plug in your U2F token and push the button when prompted, and it logs you in." I understand that's how it looks, but I really want a better explanation of the key exchange, what the hardware authenticator does, and why it's secure. I haven't gotten that from the FIDO documents yet, and I've had a reasonable (but brief) look at them. Maybe it's in there, but nothing I've seen about U2F suggests that it's a one-time code. In my eyes, that adds no advantage for a hardware authenticator.
(Score: 2) by Lemming on Wednesday October 22 2014, @01:26PM
This seems to be a Yubikey [yubico.com], which already exists for years. You can e.g. use it for two factor authentication access to your LastPass account, where you can store all your passwords.
The clever thing is it needs no drivers, the computer you plug it in sees it as a USB-keyboard. When you touch the button it sends a code which is "typed" into an input field on the website you want to access. The generated code changes, like with a RSA key or Googles Authenticator phone app. So to answer the submitters question about cloning: this is not possible from an infected computer, as the private key which is used to generate the one-time code is never exposed.
(Score: 1) by drgibbon on Wednesday October 22 2014, @02:06PM
I think Yubico has released a key that meets the new "Universal 2nd Factor" standard (which they helped develop), but I'm sure there could be others. Apparently Google has added U2F support into Chrome. YubiKey blog post on it here [yubico.com].
Certified Soylent Fresh!
(Score: 0) by Anonymous Coward on Wednesday October 22 2014, @03:03PM
As far as I understand, Yubikey requires the service you want to authenticate with to send the key to their servers for verification; the key itself of course contains an unique ID.
That means:
(Score: 1) by drgibbon on Wednesday October 22 2014, @06:47PM
Yubikey is used as the second step in two-step authentication, so compromising the Yubikey servers would only be half the battle.
Certified Soylent Fresh!