
Topic: Having a YUBIKEY as one of the parties for m-of-n signatures - page 2. (Read 4578 times)

legendary
Activity: 1358
Merit: 1003
Ron Gross
Yubikey uses symmetric crypto. The entity validating the Yubikey code knows the Yubikey's secret key and can therefore produce valid Yubikey codes for the person being validated. Even if Script was powerful enough to validate Yubikey codes (it's not), you'd have to publish your Yubikey secret key to the network, which makes it pointless.

Sad

Thanks for the feedback.

Is there another similar device based on public key cryptography?
If there were, would Script have been powerful enough? If not, why not?
Is it because it's not Turing complete, and thus it's not possible/feasible to run complex algorithms like verifying signatures?
Can this be feasibly changed in the near future?
administrator
Activity: 5222
Merit: 13032
Yubikey uses symmetric crypto. The entity validating the Yubikey code knows the Yubikey's secret key and can therefore produce valid Yubikey codes for the person being validated. Even if Script was powerful enough to validate Yubikey codes (it's not), you'd have to publish your Yubikey secret key to the network, which makes it pointless.
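The point made in the post above, as an added example that is not part of the thread: a symmetric one-time password can only be checked by a party that holds the token's secret, and that party can therefore mint valid codes itself. The code below uses RFC 4226 HOTP (the OATH mode YubiKeys also support) rather than the proprietary Yubico OTP AES format, so that it runs on the Python standard library; the argument is the same for both, since both are symmetric. The shared secret is the RFC 4226 test key, and the Token and Validator classes are constructed for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed shared secret (the RFC 4226 test key "12345678901234567890").
# Both the token and the validator hold this byte string; that is the problem.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """The hardware side: the secret plus a monotonically increasing counter."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def press(self) -> str:
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code


class Validator:
    """The verifying side. It needs the same secret to check a code, so it
    can also produce the next valid code itself (see forge())."""

    def __init__(self, secret: bytes, look_ahead: int = 10):
        self._secret = secret
        self._last_counter = -1
        self._look_ahead = look_ahead

    def validate(self, code: str) -> bool:
        start = self._last_counter + 1
        for c in range(start, start + self._look_ahead):
            if hmac.compare_digest(hotp(self._secret, c), code):
                self._last_counter = c  # consume the counter: a replay now fails
                return True
        return False

    def forge(self) -> str:
        """Anyone holding the validator's key can emit the next valid code
        without ever touching the token."""
        return hotp(self._secret, self._last_counter + 1)


def demo() -> dict:
    """Walk through a genuine press, a replay, a forgery by the validator,
    and the desynchronisation the forgery causes for the real token."""
    token, validator = Token(SHARED_SECRET), Validator(SHARED_SECRET)
    first = token.press()
    results = {
        "genuine_accepted": validator.validate(first),
        "replay_rejected": not validator.validate(first),
    }
    forged = validator.forge()
    results["forged_accepted"] = validator.validate(forged)
    # The forgery consumed counter 1, which the real token emits next.
    results["token_next_rejected_after_forge"] = not validator.validate(token.press())
    # The look-ahead window lets the token resynchronise on the press after that.
    results["token_resyncs"] = validator.validate(token.press())
    return results
```

Publishing the validator's key to a network, as Script would require, turns every node into a `Validator` that can call `forge()`; a public-key signer avoids this because the verifier holds only material that cannot produce signatures.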
legendary
Activity: 1358
Merit: 1003
Ron Gross
Assumption: Yubikeys are harder to hack into than most PCs.

Can we use this assumption to construct a key storage scheme that is at least as secure as other systems, but is more convenient?

Idea: Store bitcoins at an address composed of three private keys, using a 2-out-of-3 scheme:
1. A strong password
2. A paper wallet, printed on your own computer using 2-factor paper wallets
3. A Yubikey!

The first two have been discussed before, so I won't elaborate on them.
The Yubikey address is a special kind of address, that requires usage of Scripts.

This joined address can receive Bitcoins, that can only be spent with 2 signatures out of the 3 above. The "Yubikey signature" is specifically a one-time password generated using a Yubikey, with a particular timestamp that matches the current blockchain time (to prevent replay attacks).

Advantages:
1. For this system to be cracked, you have to have access to two out of the above 3 secrets. A paper wallet, printed on a clean, formatted computer which is subsequently wiped, especially using 2-factor auth, should be virtually impossible to obtain (store it in a bank vault). Your password can be accessed by a trojan, but the internal private key stored in the Yubikey cannot be retrieved, and its signatures are only valid for a very short time.

2. It is rather convenient to use. You can use this system even on semi-trusted computers ... the password element of the secret is basically just a sanity check ... even if it's compromised, the attackers can't do anything without physical access to your Yubikey or bank vault.

3. Yubikeys have 2 different password generation modes, triggered by either a short press or a long press on the key. You could have a system where a "short press password" is only allowed to transfer amounts of up to 100 BTC per day, and a "long press password" is required to manage this setting or transfer larger amounts of BTC. This way, a trojan working in real time can't snatch more than 100 BTC, despite snooping both password and OTP from the Yubikey.

Implementation
All of the above can, AFAIK, be implemented using Scripts.
More detailed specification of the protocol is left as an exercise to the reader.


Your thoughts?
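The 2-of-3 scheme proposed above, as an added example that is not part of the thread and not Bitcoin Script: all three parties (password, paper backup, device-held secret) are modelled as public-key signers, since the objection earlier in the thread is that a symmetric OTP cannot be one of the parties. Lamport one-time signatures over SHA-256 are used because they need only hashlib; Bitcoin's OP_CHECKMULTISIG uses ECDSA instead, and a Lamport key must sign only once, so this is a stand-in for the threshold logic, not a drop-in for the chain. The seeds, salt and transaction strings are constructed for the illustration; the verifier holds nothing but public keys and cannot forge a signature.

```python
import hashlib
import hmac

HASH = hashlib.sha256
N_BITS = 256  # one preimage pair per bit of the SHA-256 message digest


def keygen(seed: bytes):
    """Derive a Lamport key pair deterministically from a 32-byte seed, so a
    party can be a password, a paper backup or a device-held secret.
    Returns (secret_key, public_key)."""
    sk, pk = [], []
    for i in range(N_BITS):
        zero = hmac.new(seed, i.to_bytes(2, "big") + b"\x00", HASH).digest()
        one = hmac.new(seed, i.to_bytes(2, "big") + b"\x01", HASH).digest()
        sk.append((zero, one))
        pk.append((HASH(zero).digest(), HASH(one).digest()))
    return sk, pk


def _bits(message: bytes):
    h = HASH(message).digest()
    return [(h[i >> 3] >> (7 - (i & 7))) & 1 for i in range(N_BITS)]


def sign(sk, message: bytes):
    """Reveal one preimage per digest bit. The key must never sign a second message."""
    return [pair[b] for pair, b in zip(sk, _bits(message))]


def verify(pk, message: bytes, sig) -> bool:
    if len(sig) != N_BITS:
        return False
    return all(HASH(s).digest() == pair[b]
               for pair, b, s in zip(pk, _bits(message), sig))


def check_multisig(m: int, pubkeys, message: bytes, sigs) -> bool:
    """Accept if at least m distinct parties among pubkeys signed message.
    sigs is a list of (party_index, signature); the same party counted twice
    must not satisfy the threshold."""
    signed = set()
    for idx, sig in sigs:
        if 0 <= idx < len(pubkeys) and idx not in signed and verify(pubkeys[idx], message, sig):
            signed.add(idx)
    return len(signed) >= m


def demo() -> dict:
    # Constructed secrets for the three parties in the proposal.
    password_seed = hashlib.pbkdf2_hmac(
        "sha256", b"correct horse battery staple", b"constructed-salt", 100_000)
    paper_seed = HASH(b"constructed paper wallet secret").digest()
    device_seed = HASH(b"constructed secret that never leaves the device").digest()

    keys = [keygen(s) for s in (password_seed, paper_seed, device_seed)]
    pubkeys = [pk for _, pk in keys]  # all the verifier ever holds
    tx = b"spend 1 BTC to constructed-address-A"
    other_tx = b"spend 100 BTC to constructed-attacker-address"

    sig_pw = sign(keys[0][0], tx)
    sig_dev = sign(keys[2][0], tx)
    return {
        "password_plus_device": check_multisig(2, pubkeys, tx, [(0, sig_pw), (2, sig_dev)]),
        "password_alone": check_multisig(2, pubkeys, tx, [(0, sig_pw)]),
        "same_party_twice": check_multisig(2, pubkeys, tx, [(0, sig_pw), (0, sig_pw)]),
        "sigs_replayed_on_other_tx": check_multisig(2, pubkeys, other_tx, [(0, sig_pw), (2, sig_dev)]),
    }
```

The last case is the replay concern raised in the proposal: a signature is bound to the message it was made over, so a trojan that captured the two signatures for one transaction cannot reuse them to authorise a different one. Whether that property also holds for the device-held party is exactly what depends on the device signing with a private key rather than emitting a symmetric OTP.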