nanog mailing list archives
Re: crypto frobs
From: Tom Beecher <beecher () beecher cc>
Date: Tue, 24 Mar 2020 07:51:42 -0400

> What yubikey are you talking about? I have a password protecting my ssh key but the yubikeys I've used (including the FIPS version) spit out a string of characters when you touch them. No pin.

PIV enabled ones have pins if you are using that functionality.

On Mon, Mar 23, 2020 at 8:51 PM William Herrin <bill () herrin us> wrote:

> On Mon, Mar 23, 2020 at 5:16 PM Warren Kumari <warren () kumari net> wrote:
>
>> Well, yes and no. With a Yubikey the attacker has to be local to physically touch the button[0] - with just an SSH key, anyone who gets access to the machine can take my key and use it. This puts it in the "something you have" (not something you are) camp.
>
> Hi Warren,
>
> They're both "something you have" factors. The yubi key proves possession better than the ssh key just like a long password proves what-you-know better than a 4-digit PIN. But the ssh key and the yubi key are still part of the same authentication factor.
>
>> Not really -- if an attacker steals my laptop, they don't have the yubikey (unless I store it in the USB port).
>
> You make a habit of removing your yubi key from the laptop when nature calls? No you don't.
>
>> If they *do* steal both, they can bruteforce the SSH passphrase, but after 5 tries of guessing the Yubikey PIN it self-destructs.
>
> What yubikey are you talking about? I have a password protecting my ssh key but the yubikeys I've used (including the FIPS version) spit out a string of characters when you touch them. No pin.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin
> bill () herrin us
> https://bill.herrin.us/