View Single Post
Old 16 Oct 2015, 12:48 AM   #24
Join Date: Mar 2002
Location: Seattle, Washington
Posts: 34
Originally Posted by 17pm View Post
Care to explain the difference between the old-school and the U2F? Let's pretend I'm 5 years old.
Hello, 17pm. Would you like a lollipop? Have a seat.

Our favorite mail provider allows using YubiKey as a second factor using what's called "OTP mode". Here's how that works: you focus in the password field, plug in the key, and press the button. That "types" a bunch of characters into the field. FastMail takes those and forwards them to Yubico's online verification service. Yubico splits up those characters into two parts: the unique, permanent ID of your key, and a one-time code (OTP) generated by your key. Then Yubico verifies that the OTP was indeed generated by your key, and informs FastMail of its decision. Then FastMail either proceeds with logging you in, or rejects you.

Most other sites that accept YubiKey do the same.

While offering some very nice security, there are some problems:
  1. Across almost all sites accepting Yubikey in OTP mode, trust rests with Yubico's online verification service. FastMail blindly accepts its response. It's a single point of failure and a single point of hacking. (The root cause is that there's only one keypair on the key. Yubico holds the public key.)
  2. All sites accepting YubiKey in OTP mode get the same permanent ID of your key. Sites can collude to track your activity and correlate your accounts.
  3. The whole type-characters-as-if-you're-a-keyboard is awkward. It works only with certain keyboard layouts, requires you to focus in the correct text field first, and isn't scalable to other protocols like NFC.

U2F is a new protocol aiming to solve these problems. Here's its description. Its highlights:
  • The key can hold multiple keypairs! Each site enrolls onto the key independently. This means...
  • No more reliance on Yubico online verification service. No more trusting a 3rd party.
  • Sites can no longer correlate users nor track users across sites.
  • Login is faster; FastMail no longer needs to delegate to another site during login.
  • No more keyboard input. Browsers (and in the future other apps) have direct communication with the key using its native protocol.
  • Thanks to having a native protocol rather than keyboard emulation, U2F can be used with USB, NFC, Bluetooth, etc.
  • U2F-only keys are cheaper.
Cluster is offline   Reply With Quote