Stories
Slash Boxes
Comments

SoylentNews is people

posted by azrael on Wednesday October 22 2014, @12:39PM   Printer-friendly
from the keep-your-dongles-safe dept.

Google, along with the FIDO Alliance is set to launch a USB dongle which will be used to authenticate a user and grant access to a Google account.

Technology Review has this summary:

The small USB stick provides added protection for a Google account. Once a key is associated with your account, you’ll be prompted to insert the device into a computer each time you enter a password to log in - or, if you prefer, once a month on computers you use frequently. Touching a button on the security key triggers a cryptographic exchange with Google’s login systems that verifies the key’s identity.

A more verbose summary can be found directly on the FIDO website as well as CNN.

This key, which I found on Amazon for US $7-$18, seems to be a cheaper solution to the RSA cards and requires less typing.

What is old is new again. I wonder how hard it would be to clone one of these sticks from an infected public computer? And how it would fare going through the laundry?

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by Sir Garlon on Wednesday October 22 2014, @12:47PM

    by Sir Garlon (1264) on Wednesday October 22 2014, @12:47PM (#108622)

    To answer the submitter's rhetorical question in TFS, flash drives in my limited experience are pretty hardy. I sent one through the laundry -- washer and dryer -- and it was fine. And then, umm, the same drive went through the same process again a few months later, and again, it was fine. After that I stopped putting flash drives in my pockets so I don't know how many wash cycles it takes to break once.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    • (Score: 2, Funny) by Scruffy on Wednesday October 22 2014, @01:16PM

      by Scruffy (1087) on Wednesday October 22 2014, @01:16PM (#108637)
      I'm extremely paranoid about wrecking my thumb drives in the laundry so I always use the delicate cycle and hang dry them.
      --
      1087 is a lucky prime.
      • (Score: 3, Informative) by VLM on Wednesday October 22 2014, @01:30PM

        by VLM (445) Subscriber Badge on Wednesday October 22 2014, @01:30PM (#108645)

        From experience of several people you can't kill a fitbit (basically a flash drive data logger for exercise) by washing and drying it, but you can kill one by washing it and then not immediately running it thru a regular dry cycle. Something about corrosion or long term short circuit conditions on the battery.

        My wife has killed cameras (plural) and one of the nicest things about removable flash media is its easy to destroy a camera but flash media is like an airliner black box, it seems almost impossible to destroy. Let me think... dropped off a mountain trail, dropped on concrete, a little accident with a campfire that got warmer than expected (softened plastic not incineration), immersed in water... all those dead cameras and no damage to the flash media. That stuff's tough.

    • (Score: 2) by c0lo on Wednesday October 22 2014, @01:32PM

      by c0lo (156) Subscriber Badge on Wednesday October 22 2014, @01:32PM (#108647) Journal

      After that I stopped putting flash drives in my pockets so I don't know how many wash cycles it takes to break once.

      Yeeaah... but... will it blend?

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 2) by Immerman on Wednesday October 22 2014, @03:32PM

        by Immerman (3985) on Wednesday October 22 2014, @03:32PM (#108720)

        Absolutely - to those in the industry the process is known as "stochastic particle encryption", one of the most robust encryption techniques possible. Sadly it's *so* robust as to be essentially irreversible, and is thus suitable for only a relatively small percentage of use-cases.

        • (Score: 2) by c0lo on Wednesday October 22 2014, @08:41PM

          by c0lo (156) Subscriber Badge on Wednesday October 22 2014, @08:41PM (#108868) Journal
          Yeap. I seems to recall a special type of memory in the '90 - the write only memory. I heard the manufacturer declared bankruptcy - which is to show one can be ahead of time.
          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 2) by Hairyfeet on Wednesday October 22 2014, @11:54PM

      by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Wednesday October 22 2014, @11:54PM (#108955) Journal

      Well I can say they can survive being drug behind a boat as I had a customer come in in a panic as he went skiing all day and it turned out he had the only copies of his entire vacation on the thing. good thing he listened to me and got a locking key ring that hooked to his belt loop or it'd probably be at the bottom of the lake! Anyway I stuck it behind the towers so the hot air from the PCs gently blew it dry and at the end of the day plugged it in and...voila! Worked just fine.

      Now if somebody can explain to me why we can make indestructible flash sticks but nobody has come up with an SSD controller that can't crap itself and lose all the data? I'd feel truly enlightened.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
  • (Score: 2) by hendrikboom on Wednesday October 22 2014, @12:54PM

    by hendrikboom (1125) Subscriber Badge on Wednesday October 22 2014, @12:54PM (#108624) Homepage Journal

    If it's not possible to back it up, there has to be a way to reestablish your identity after the dongle is lost, broken, or stolen.

    If there is such a procedure, then it's not secure, because an attacker could go through that procedure to impersonate you.

    If it is possible to back it up, then an attacker could back up your dongle if he ever gained physical access to it.

    • (Score: 2) by Sir Garlon on Wednesday October 22 2014, @01:11PM

      by Sir Garlon (1264) on Wednesday October 22 2014, @01:11PM (#108634)

      If it is possible to back it up, then an attacker could back up your dongle if he ever gained physical access to it.

      Yes, that is true. You would not want to rely on the dongle as the sole means of authentication. Fortunately, that is not the approach. The dongle is for two-factor authentication, so the attacker would need both a copy of the dongle and knowledge of your password.

      It's not unachievable for an attacker to get both. It is, however, harder to compromise both the dongle and the password than either alone. So even though the dongle is not perfect, it's more secure than the password alone.

      That said, security is not the only consideration. I have 158 passwords in my password manager. If each of them required a physical token, that would be an epic failure.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    • (Score: 3, Informative) by VLM on Wednesday October 22 2014, @01:36PM

      by VLM (445) Subscriber Badge on Wednesday October 22 2014, @01:36PM (#108648)

      This isn't rocket surgery

      https://www.google.com/intl/en/landing/2step/features.html [google.com]

      look on second column second row

      I have a printed out sheet of one time use security codes in my safe for my google account. It would be a PITA to use them, but this is very well covered territory.

      I keep it in the same place as my first level backups and my passport and stuff like that.

      • (Score: 1) by drgibbon on Wednesday October 22 2014, @02:10PM

        by drgibbon (74) on Wednesday October 22 2014, @02:10PM (#108671) Journal

        It is! [twentytwowords.com]

        --
        Certified Soylent Fresh!
        • (Score: 2) by FatPhil on Wednesday October 22 2014, @10:23PM

          by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Wednesday October 22 2014, @10:23PM (#108931) Homepage
          Oh, please... www.youtube.com/watch?v=iGCMtk695Cg
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
          • (Score: 2) by FatPhil on Wednesday October 22 2014, @10:42PM

            by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Wednesday October 22 2014, @10:42PM (#108934) Homepage
            > I wonder how hard it would be to clone one of these sticks from an infected public computer?

            If they've done the crypto correctly - impossible.

            No amount of data from them will tell you anything about any future data that will come out of them.
            All the security should be in an inaccessible key. And by inaccessible, I mean behind a fuse which will blow if the system detects any tampering. The owner of the key (fob) knows nothing about this key, he merely has physical posession of it. (Knowing something about it would mean that the security is no longer in what he has but what he knows). (It in turn may protect itself from use by a pin code, but that's a separate layer of security.)

            A very simplified example of how it could work is that it ouputs Hash(Encrypt(key = [secret, coded specifically to that device], value=the time, to 30s granularity)).
            The server knows which fob you have, and keeps a record of your time drift. It can therefore perform the same encryption as you.
            If you lose or break a fob, you need to get a new one from the issuer, and the server needs to know about your new fob (which will invalidate accesses from the old fob). This will require the same level of authentification as when the card/key/fob was originally issued. Yes it's hassle, but that's the only way that the security can be maintained.
            --
            Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
          • (Score: 1) by drgibbon on Thursday October 23 2014, @05:37AM

            by drgibbon (74) on Thursday October 23 2014, @05:37AM (#109028) Journal

            Haha good clip. What's "oh please"?

            --
            Certified Soylent Fresh!
            • (Score: 2) by FatPhil on Thursday October 23 2014, @07:38AM

              by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Thursday October 23 2014, @07:38AM (#109074) Homepage
              It was just an "no!!! this one instead!"

              Just for reference, that is one of my all time favourite sketches of all time, it even ranks above almost everything from python, so I'm always looking for an excuse to play it and link to it. Before playing it, I just said to my g/f nothing more than "sorry", and she almost immediately knew what I was going to do, I hadn't even finished typing in my search query (fortunately "mitchell webb rocket surg" is enough for google to find it).
              --
              Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
              • (Score: 1) by drgibbon on Thursday October 23 2014, @02:51PM

                by drgibbon (74) on Thursday October 23 2014, @02:51PM (#109195) Journal

                Ahh I get it. Always loved Peep Show, but haven't seen that much Mitchell & Webb, great sketch! I don't know who is uploading all these things, but it seems almost any clip I can think of has been cut and uploaded to the web somewhere, amazing.

                --
                Certified Soylent Fresh!
    • (Score: 2) by MozeeToby on Wednesday October 22 2014, @04:00PM

      by MozeeToby (1118) on Wednesday October 22 2014, @04:00PM (#108735)

      If there is such a procedure, then it's not secure, because an attacker could go through that procedure to impersonate you.

      Who says that procedure is necessarily insecure? For instance, activating it could trigger a message delivered any number of ways; including but not limited to alternate emails, text messages, showing on the Google home page, robocalling home or work land lines, etc. A determined attacker might be able to hijack some of them, but I doubt they'd manage all at once. Getting notified that you are under attack is significantly better than having it happen silently.

  • (Score: 1) by moylan on Wednesday October 22 2014, @01:01PM

    by moylan (3063) on Wednesday October 22 2014, @01:01PM (#108627)

    so will this allow you to use a handle or will it be real name bollix?

    the name i use day to day is not on any government paper but it is still my 'real name'. different places use names differently.
    http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/ [kalzumeus.com]

    i use a google a lot less since they started shoving their fucked up 'real name' policy down users throats.

    • (Score: 3, Informative) by c0lo on Wednesday October 22 2014, @01:42PM

      by c0lo (156) Subscriber Badge on Wednesday October 22 2014, @01:42PM (#108651) Journal

      i use a google a lot less since they started shoving their fucked up 'real name' policy down users throats.

      Just in case you are tempted to use more of their services, be aware Google reversed their position on "real name".
      You haven't joined SN at the time [soylentnews.org]?

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2) by jcross on Wednesday October 22 2014, @01:25PM

    by jcross (4009) on Wednesday October 22 2014, @01:25PM (#108642)

    I doubt it's easy to clone from a USB host. My naive guess (not having read TFA or anything) is that this attaches as a USB keyboard and enters a rotating code into the same text input as your password, which is a fairly ingenious way to do multi-factor auth. If the crypto is any good, even harvesting a bunch of codes from an infected computer wouldn't make it easy to infer the private key on the device.

    • (Score: 2) by VLM on Wednesday October 22 2014, @01:43PM

      by VLM (445) Subscriber Badge on Wednesday October 22 2014, @01:43PM (#108653)

      It would be more fun from a single sign on position to subvert a single sign on host, and then use it to MITM attack a more interesting target.

      So you think you're logging into web based, single sign on equipped "flappy bird" clone, but its been subverted to MITM log in as if its is your browser to your bank account or whatever.

      This is the problem with SSO that I don't think anyone has solved yet in a convenient manner. There are all kinds of really inconvenient ways to do it involving the SSO provider texting not only a code but who is trying to use it, but this is super slow and clumsy and most idiots will ignore the "who" part all the time anyway.

    • (Score: 2) by egcagrac0 on Wednesday October 22 2014, @02:37PM

      by egcagrac0 (2705) on Wednesday October 22 2014, @02:37PM (#108691)

      attaches as a USB keyboard and enters a rotating code

      That's certainly how the higher end ones work, the OTP type keys.

      U2F seems to rely on a keypair being stored by the browser for each target site. The key-dongle unlocks the private key, allowing the signing request that validates the session to continue.

      Now, what little I know about keypairs, U2F isn't strong enough for me to endorse. If there's a second factor, it's got to be a rolling code (one time code), or out of band handshake. Anything less isn't workable for me or my users - it doesn't provide enough extra security (vs inconvenience) compared to regularly changed passwords.

      • (Score: 2) by jcross on Wednesday October 22 2014, @04:59PM

        by jcross (4009) on Wednesday October 22 2014, @04:59PM (#108775)

        > U2F seems to rely on a keypair being stored by the browser for each target site.

        Doesn't that imply some special features in the browser? Even though they control Chrome, I'd be thinking they'd want to do it in a browser-independent way so it's useful on say, shared computers, where users are the most vulnerable otherwise. Also it seems like this would mean the dongle is presenting as a storage device, which would make it really vulnerable to having its key copied and maybe cracked offline.

        • (Score: 2) by urza9814 on Thursday October 23 2014, @02:03PM

          by urza9814 (3954) on Thursday October 23 2014, @02:03PM (#109160) Journal

          Also it seems like this would mean the dongle is presenting as a storage device,

          or keyboard...

          which would make it really vulnerable to having its key copied and maybe cracked offline.

          You're assuming it gives access to the actual key, which would be terribly stupid design. There are plenty of dongles like this already. I use one for my VPN at work (see RSA SecureID) -- they don't reveal the key, they reveal a number generated using the key and the time. That code becomes useless to anyone within 60 seconds, and no matter how many codes you get, it's near impossible to use those to reverse-engineer the key.

          Google isn't inventing anything new here; this has been a solved problem for many years. The interesting thing is that it connects via USB, but that could just mean it connects as a keyboard and types the code for you instead of displaying it.

          • (Score: 2) by jcross on Thursday October 23 2014, @04:52PM

            by jcross (4009) on Thursday October 23 2014, @04:52PM (#109247)

            Yes, that's exactly how I thought it should work, if you read my original post. I was responding to egcagrac0's comment, which seemed to imply that the browser would somehow actively read the key from the device. I was curious about how that would work.

        • (Score: 2) by egcagrac0 on Thursday October 23 2014, @09:36PM

          by egcagrac0 (2705) on Thursday October 23 2014, @09:36PM (#109373)

          Doesn't that imply some special features in the browser?

          It surely does. However, if you want the FIDO U2F seal of approval, that's what you do.

          Like I said, I don't think I like it. The Yubikey NEO [yubico.com] or RSA SecurID 800 [emc.com] would be better fits for any application I care about.

          I really think that the world deserves a better simple explanation than "you plug in your U2F token and push the button when prompted, and it logs you in." I understand that's how it looks, but I really want a better explanation of the key exchange, what the hardware authenticator does, and why it's secure. I haven't gotten that from the FIDO documents yet, and I've had a reasonable (but brief) look at them. Maybe it's in there, but nothing I've seen about U2F suggests that it's a one-time code. In my eyes, that adds no advantage for a hardware authenticator.

  • (Score: 2) by Lemming on Wednesday October 22 2014, @01:26PM

    by Lemming (1053) on Wednesday October 22 2014, @01:26PM (#108643)

    This seems to be a Yubikey [yubico.com], which already exists for years. You can e.g. use it for two factor authentication access to your LastPass account, where you can store all your passwords.

    The clever thing is it needs no drivers, the computer you plug it in sees it as a USB-keyboard. When you touch the button it sends a code which is "typed" into an input field on the website you want to access. The generated code changes, like with a RSA key or Googles Authenticator phone app. So to answer the submitters question about cloning: this is not possible from an infected computer, as the private key which is used to generate the one-time code is never exposed.

    • (Score: 1) by drgibbon on Wednesday October 22 2014, @02:06PM

      by drgibbon (74) on Wednesday October 22 2014, @02:06PM (#108667) Journal

      I think Yubico has released a key that meets the new "Universal 2nd Factor" standard (which they helped develop), but I'm sure there could be others. Apparently Google has added U2F support into Chrome. YubiKey blog post on it here [yubico.com].

      --
      Certified Soylent Fresh!
    • (Score: 0) by Anonymous Coward on Wednesday October 22 2014, @03:03PM

      by Anonymous Coward on Wednesday October 22 2014, @03:03PM (#108703)

      As far as I understand, Yubikey requires the service you want to authenticate with to send the key to their servers for verification; the key itself of course contains an unique ID.

      That means:

      • Yubikey gets a complete list of every authentication done with the key, both who did it (through the ID in the key) and where it was done (through who contacted the server for verification).
      • Since you cannot verify the key yourself, you can't be sure whether the key was really authentic. Yubikey (or, more likely, a government organization using either a gag order or simply doing a MITM attack) could decide to authenticate not only your key, but another key with the same public ID part. Conversely, they could decide to no longer verify your key for a certain service despite being valid.
      • Related to this: The Yubikey servers are a single point of failure. If someone hacks the servers, he will get immediate access to any and every service protected with Yubikey.
      • (Score: 1) by drgibbon on Wednesday October 22 2014, @06:47PM

        by drgibbon (74) on Wednesday October 22 2014, @06:47PM (#108826) Journal

        If someone hacks the servers, he will get immediate access to any and every service protected with Yubikey.

        Yubikey is used as the second step in two-step authentication, so compromising the Yubikey servers would only be half the battle.

        --
        Certified Soylent Fresh!