Comment by nothrabannosir

5 months ago

Which makes yubikey impossible to use with geographically distributed backups. You need the backup available at all times for when you want to register with any new service.

This is why you should use a device which allows exporting the seed, like e.g. multi purpose hardware crypto wallets.

13 comments

nothrabannosir

Reply
Nextgrid  5 months ago

This is true for passkeys/webauthn/u2f, which is why it’s trash and a completely flawed and not fit for purpose standard (of course the primary purpose is vendor lock-in, not reliable and disaster-proof authentication).

But SSH allows you to export the public key and then you can enroll it on as many hosts as you want without needing access to the private key, so the backup key can remain in a safe, ideally forever as you should never need it.

  • lxgr  5 months ago

    I agree that it's inconvenient in many cases, but what vendor am I being locked into, exactly? My primary hardware key can be from a completely different vendor than the backup one, so I don't quite buy the conspiracy angle.

    There's also no technical obstacle preventing anyone from creating "paired" hardware authenticators that share the same internal root derivation key and can as such authenticate to all services (at least if they don't demand resident credentials) that were registered to any of the keys in the set.

    The fact that these keys don't exist on the market (I believe Yubikey looked into them a while ago) more is evidence for the lack of demand, and less for the existence of a cabal, in my view.

    • Nextgrid  5 months ago

      Being locked into a set of a handful of vendors who offer "secure" sync (of course, this is not a true PKI and actual key material is being synced, meaning it's only as secure as the syncing protocol and your authentication to it).

      Authenticator implementations who allow exports outside of the vendor cartel are threatened to be blacklisted: https://github.com/keepassxreboot/keepassxc/issues/10407

      > My primary hardware key can be from a completely different vendor than the backup one, so I don't quite buy the conspiracy angle.

      The fundamental flaw is that enrolling an authenticator requires it to be present, making a backup strategy much less resilient as it means your secondary device needs to be constantly present and thus exposed to the same local/environmental risks the primary one is (theft/fire/faulty USB port that fries everything plugged in and you only realize after nuking both your keys). It makes an offline backup scenario like with SSH (where you copy a public key and otherwise leave the authenticator out of reach in a safe place) impossible.

      Making it hard/impractical to maintain a reliable backup yourself sure makes those proprietary sync-based services attractive, which also doubles as reducing security since key material is being synced and can potentially be extracted (impossible with a true HSM + PKI implementation).

      > preventing anyone from creating "paired" hardware authenticators

      Don't certain types of keys involve writing something to the authenticator, fundamentally preventing this (as the backup authenticator won't get this written value)?

      > cabal

      It doesn't have to be explicit coordinated action like intentionally wanting to prevent people from self-managing passkeys (in fact any hint of it being intentional would be a liability in a potential anti-trust situation, so that's a big no-no); it can be done by simply omitting this scenario, by accident or for "security" purposes, or deprioritizing it to hell. In fact the Credential Migration spec is still a draft and appears quite recent, despite passkeys being heavily promoted for a while: https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20241003.html - you'd think that such as basic feature would be sorted before the push to switch to passkeys no?

      In fact you see this exact strategy playing out: https://github.com/keepassxreboot/keepassxc/issues/11363#iss...

      > For the initial delivery of Credential Exchange, we focused on the most wide use case [emphasis mine]

      "Initial" delivery focuses on the most widespread use-case (how convenient it also happens to be the most corporation-friendly use-case), with everything else coming "later", meaning never. I'm sure it'll rot in some Jira backlog as a liability shield so they can promise they did plan for it and just never got around to it, but everyone understands it will never actually get implemented.

      4 replies →

jwr  5 months ago

Not true. If you use YubiKeys to store your GPG key, it's not a problem. You can have multiple YubiKeys with the same private key, or you can encrypt to multiple recipients.

epistasis  5 months ago

Are you talking about SSH or a different setting?

With SSH, you can always share the primary and backup pub keys, even if you don't have the backup key handy.

  • nothrabannosir  5 months ago

    No I got distracted by the word yubikey. Arguably not the same subject. :)

    • epistasis  5 months ago

      Nonetheless I'm glad to hear about it. I don't yet use YubiKeys for FIDO, because I was concerned a bit about this enrollment process, and hadn't bothered to figure out what others do.

lxgr  5 months ago

> You need the backup available at all times for when you want to register with any new service.

Not for SSH (at least using the OpenSSH sk implementation).

traceroute66  5 months ago

> Which makes yubikey impossible to use with geographically distributed backups.

Huh ?

You do know you can wrap a symmetric key with multiple asymmetric keys, right ?