
Is there any risk if a database of U2F device key handles is leaked?


Question

Is there any risk if a database of U2F device key handles is leaked?

Enrolling a key works by: Send Enroll request with "AppID" to U2F device. U2F device answers with "Key Handle, Public Key".

Authentication works by: Send Auth request with "AppID, Key Handle, Challenge" to U2F device. U2F device signs this and returns "Signed Challenge" to server.

"Key handle" is an opaque item that might be an encrypted private key, encrypted by the U2F smart card controller, but it might also be information that is only usable for the smart card controller to regenerate the private key, like a seed that is put into a deterministic RNG that is unique for that U2F device, an HMAC generation routine (Yubico U2F uses this), or it might just be a simple ID that points to internal storage in the U2F key, but that would limit the number of websites the U2F key can be enrolled with.

According to the standard, the user should be authenticated by username+password before starting U2F authentication.

But let's say we omit the password completely, and instead allow the user to put in their username, then they are taken to the U2F authentication, and voil

Explanation / Answer

Bottom line: It really depends on what you consider "risk". If by "risk", you mean exposing your service to the potential for a remote exploit, then no, there is no additional risk as long as the FIDO U2F token is implemented properly.

Such an implementation does allow someone with physical access (via NFC, for example) to the token to easily confirm whether a given token is associated with a specific account. For example, if I suspect an association between a specific person (who uses an NFC U2F token, like a Yubikey NEO) and an online identity on your website, then I could quite easily verify this suspicion without their knowledge if I can get close enough to them.

It also reduces you back to practically single factor authentication.

Different tokens may also have different lengths of the key handle. If the user uses a token with an unusual key handle length, then this may be a method for helping to rule out token models.

If there happens to be a weakness in the FIDO U2F implementation the token is using, then there is a chance it could be taken advantage of... But in such a case the token's implementation is probably the larger issue.

Ultimately I think the decision to do something like this depends on your security requirements. What are the implications of someone associating one of your accounts to a specific token/person? If an account is compromised, how much damage would be done?
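
The following is an added example, not part of the original question or answer and not Yubico's actual code: a toy model of an HMAC-derived key handle, showing that a leaked handle contains no key material and is useless to any other token, while the issuing token still recognises it (the association check the answer describes). The `ToyToken` class, the nonce-plus-tag handle layout, the labels and the example AppIDs are all assumptions, and the ECDSA signing step of real U2F is omitted.

```python
import hashlib
import hmac
import os

NONCE_LEN = 32  # assumed layout: key handle = nonce (32 bytes) || tag (32 bytes)


class ToyToken:
    """Toy model of a token that stores no per-site state (assumed design)."""

    def __init__(self):
        self._device_secret = os.urandom(32)  # never leaves the token

    def _mac(self, label: bytes, app_id: str, nonce: bytes) -> bytes:
        app_hash = hashlib.sha256(app_id.encode()).digest()
        return hmac.new(self._device_secret, label + app_hash + nonce,
                        hashlib.sha256).digest()

    def enroll(self, app_id: str) -> bytes:
        """Return an opaque key handle; it carries no private-key material."""
        nonce = os.urandom(NONCE_LEN)
        return nonce + self._mac(b"tag", app_id, nonce)

    def owns(self, app_id: str, key_handle: bytes) -> bool:
        """Check whether this token issued the handle for this AppID."""
        if len(key_handle) != NONCE_LEN + 32:
            return False
        nonce, tag = key_handle[:NONCE_LEN], key_handle[NONCE_LEN:]
        return hmac.compare_digest(tag, self._mac(b"tag", app_id, nonce))

    def private_key_seed(self, app_id: str, key_handle: bytes):
        """Re-derive the per-site key seed, or None if the handle is foreign."""
        if not self.owns(app_id, key_handle):
            return None
        return self._mac(b"key", app_id, key_handle[:NONCE_LEN])


def leaked_handle_outcomes(app_id: str = "https://example.test"):
    """Constructed scenario: a handle issued by one token leaks from the server."""
    issuer, other = ToyToken(), ToyToken()
    handle = issuer.enroll(app_id)
    seed = issuer.private_key_seed(app_id, handle)
    return {
        "issuer_rederives_same_key": seed is not None
        and seed == issuer.private_key_seed(app_id, handle),
        "other_token_gets_key": other.private_key_seed(app_id, handle) is not None,
        "wrong_appid_accepted": issuer.owns("https://phish.test", handle),
        "issuer_recognises_handle": issuer.owns(app_id, handle),
    }
```
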
