Comments (3)
The Nitrokey is not supposed to be secure agains MITM attacker on the USB connection. This is the same as with local smart cards which receive the PIN in cleartext.
AFAIK the idea of the temporary password is to minimize the time the actual PIN needs to be available (stored in RAM) on the client computer. But this would come as a bonus and doesn't provide guaranteed security (in case of malware for instance).
from nitrokey-pro-firmware.
I'm still not quite understanding the design here.
Yes, the idea with the temporary password to protect the pin makes a lot of sense. What I find surprising is to have both the authorization via temp password and then getting the code using a command with the authorized CRC as a two step process.
Transmitting the password as part of GET_CODE would be sufficient. Why the detour using the CRC32?
The USER_AUTHORIZE detour in the protocol still makes this vulnerable, even without MTIM, because the CRC32 of authorization requests is fairly predictable. The attacker doesn't need to be a MITM.
A possible mitigation strategy would be to fill the GET_CODE command with random data in the unused bytes. That would protect against faked GET_CODE commands with up to 32bit entropy.
However, 32bit is still not all that much, especially given the fact that using the 200bit password directly would provide much more security while simplifying the protocol quite a bit.
from nitrokey-pro-firmware.
I would like to note that the audit of the storage firmware notes the same issue (fixed in Storage firmware): "NK-01-007 OTP commands can be used without authorization"
The described attack is a little more straightforward than what I had in mind (wish I would have thought of their example...), but the underlying issue is the same (reversibility of CRC32).
The suggested fix is also the same: "It is recommended to send temp_user_password with every report that requires it and remove the CRC32 code."
I think this can be fixed in a backwards compatible manner if the app just does both and USER_AUTHORIZE does nothing in the fixed firmware. Just in case you want to avoid bumping the version (sounds like a bad idea though imo).
from nitrokey-pro-firmware.
Related Issues (20)
- Nitrokey HSM: handle v4.0 smart cards
- Question: Support EC operations HOT 1
- Request: support longer OTP secrets, up to 64 bytes
- Nitrokey HSM: timeout on initialization after heavy use
- Nitrokey HSM: invalid serial number after a heavy load
- Allow to set a custom USB serial number
- WRONG_PASSWORD after accessing Nitrokey with scdrand HOT 10
- Adjust firmware for the new MCU
- Customise firmware HOT 3
- Adding Curve25519 support (on my own) HOT 2
- Consider using stack canaries via -fstack-protector* flags HOT 2
- Instructions with modern OpenOCD? HOT 6
- HW4: swapped red and green LEDs
- Lock device before Factory Reset execution
- Add HMAC for AES key
- OTP functionality HOT 7
- Document minimum compiler version
- Nitrokey Pro firmware upgrade from 0.9 -> 0.14 impossible from nitropy? HOT 6
- R3 Nitrokey Pro failure to enable update mode HOT 6
- PGP key used to sign binary firmware is not available HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nitrokey-pro-firmware.