Questions about KeePass and Yubikey

CYPER
2013-11-27
2014-01-11
  • CYPER
    CYPER
    2013-11-27

    I would like to increase the security of my KeePass database with a Yubikey and I have some questions:

    1 - What is the difference between OTP and OATH HOTP?

    2 - If I understand correctly Yubikey can only be used in 2 modes with KeePass - OTP and static passwords and for the former I need the OtpKeyProv plugin. Correct?

    3 - When used in static mode the Master Password field of KeePass is populated with the same static password each time the Yubikey is pressed, right?

    4 - Is the Master Password used too in OTP mode with the OtpKeyProv plugin?

    5 - If I want to create a backup of my Yubikey in case it is lost or stolen, do I need to safely record the private key for OTP mode and the static password for Static password mode?

    6 - I read that Yubikey uses an authentication server. So how does that work exactly? Does it do some online check every time I press the button and it populates the Master Password field?

    Thank you.

     
    Last edit: CYPER 2013-11-27
  • CYPER
    CYPER
    2013-11-29

    Thank you for your answer.

    In regards to question 1: I googled for more information, but most of it is very technical and I fail to understand the difference. Is one time based and the other counter based?

    Question 4 - I meant the Master Password field. Is that field used to populate the OTP data?

    Question 6 - My question was mostly general and not related to KeePass. I realize this is a KeePass forum though :)

    Also do you have any idea if it is possible for a software keylogger to record the static password being sent from the Yubikey to the application (being KeePass or any other)?

    Thank you again.

     
  • wellread1
    wellread1
    2013-11-29

    Q1: Both HOTP (counter based) and TOTP (time based) one-time password (OTP) generators are counter based. However, they use different counter schemes. An HOTP generator increments the counter each time it generates an OTP (e.g. starting from 0 and incrementing by 1 after generating an OTP). A TOTP generator calculates the needed counter based on the time (e.g. incrementing the counter by 1 every 30 seconds, where 0 began at 00:00:00 UTC on 1 January 1970, the beginning of the Unix epoch). See section 4 of RFC 6238 for the TOTP counter incrementing scheme. The incrementing counter "C" and a fixed Secret "K" are arguments for the OTP generator function.

    Q4: You can still use a Master Password. If you do use a Master Password it is needed in addition to the OTPs required (3 minimum). The OtpKeyProv plugin is effectively replacing the key file portion of a database's Master Key with one or more encrypted copies (determined by the lookahead setting) of the fixed Secret. The OTPs are used to encrypt the Secret. A minimum of 3 pseudorandom OTPs are required to provide sufficient protection of the Secret. It is not feasible for KeePass to use TOTPs to encrypt the Secret.

    The OtpKeyProv plugin has a Recovery mode where you can use the Secret directly as a required portion of the Master Key to unlock your database and reset the counter. You should take great care not to lose the Secret.

    Q6: You will have to discuss that with Yubikey.

    Also do you have any idea if it is possible for a software keylogger to record the static password being sent from the Yubikey to the application (being KeePass or any other)?

    Yes, attack software on a compromised computer may be able to do anything that an Administrator can do.

     
    Last edit: wellread1 2013-11-29
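The HOTP and TOTP counter schemes described in the answer above, with a lookahead-window check of the kind the lookahead setting implies, as an added example that is not part of this thread and not the OtpKeyProv plugin's own code. It uses the published RFC 4226 / RFC 6238 reference secret so the codes can be checked against the RFC test vectors; the window check is an illustration of how a verifier tolerates a token that was advanced a few times out of its sight, not a description of how OtpKeyProv encrypts the Secret.

```python
import hashlib
import hmac
import struct

# Reference secret from RFC 4226 / RFC 6238 (ASCII "12345678901234567890").
# Used only because its test vectors are published; never reuse it for real.
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter C with key K,
    then dynamic truncation to a 31-bit number reduced to `digits` decimal digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, t0: int = 0, digits: int = 6) -> str:
    """RFC 6238 TOTP: the same HOTP function, but the counter is derived from time
    (T = floor((now - T0) / X), section 4 of RFC 6238) instead of a usage count."""
    counter = (unix_time - t0) // step
    return hotp(secret, counter, digits)


def verify_hotp_window(secret: bytes, codes: list, counter: int, lookahead: int, digits: int = 6):
    """Accept `codes` (a run of consecutive HOTPs) if they match counters inside
    [counter, counter + lookahead). Returns the counter to store afterwards, or
    None if no position in the window matches. Because the stored counter moves
    past the consumed codes, a captured run cannot be replayed later.
    This is an illustrative verifier, not the plugin's scheme (assumption)."""
    n = len(codes)
    joined = "".join(codes)
    for start in range(counter, counter + lookahead - n + 1):
        expected = "".join(hotp(secret, start + i, digits) for i in range(n))
        if hmac.compare_digest(expected, joined):
            return start + n
    return None


if __name__ == "__main__":
    print("HOTP counter 0..2:", [hotp(RFC_SECRET, c) for c in range(3)])
    print("TOTP at t=59 (8 digits):", totp(RFC_SECRET, 59, digits=8))
    run = [hotp(RFC_SECRET, c) for c in (2, 3, 4)]
    print("window accepts run from counter 0:", verify_hotp_window(RFC_SECRET, run, 0, 10))
    print("same run replayed after counter moved:", verify_hotp_window(RFC_SECRET, run, 5, 10))
```

Running it shows counters 0, 1, 2 producing 755224, 287082, 359152 (the RFC 4226 vectors) and the first RFC 6238 vector 94287082 at t=59; a run of three codes generated at counters 2..4 is accepted from a stored counter of 0 with lookahead 10 and moves the counter to 5, after which the identical run is rejected, which is the one-time property the thread discusses.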
  • CYPER
    CYPER
    2013-11-29

    So which one is the most secure in regards to protecting KeePass - HOTP or TOTP?

    Also there is a 3rd one: Challenge-Response. How does this one work?

    Thank you again.

     
  • wellread1
    wellread1
    2013-11-29

    TOTP is not supported by KeePass.

    Challenge-Response is not supported by KeePass.

     
  • Paul
    Paul
    2013-11-30

    None are secure on a compromised computer. The advantage of OTP is in preventing (maybe) loss of the master password on a compromised computer. You can still lose passwords for sites you use on the compromised computer, but that is less of a problem.

    cheers, Paul

     
    • wellread1
      wellread1
      2013-11-30

      I think that the otp.xml file can be treated like a standard key file except that it is only usable with valid OTPs that are restricted to a range defined by the current counter and the lookahead parameter. To compromise a KeePass database protected by the OtpKeyProv plugin, an attacker would need to copy the kdbx and corresponding otp.xml file, and subsequently capture (via a key logger) one set of OTPs that falls within that range. This is only slightly more complicated than compromising a database protected with both a master password and a standard key file.

      Using OTPs with KeePass makes sense if they are more convenient than an alternate Master Key input method (e.g. one has difficulty remembering a long, complicated master password), or if one has a particular requirement to use them (e.g. a company uses OTPs as a matter of policy). Otherwise it strikes me as a complicated setup that provides excellent security that is not superior to using a Master Key with strength comparable to the weaker of a valid OTP series or the OTP Secret.

       
      Last edit: wellread1 2013-11-30
      • CYPER
        CYPER
        2014-01-09

        Will the copied OTPs be of any use, when they are One Time use only?
        He can only copy them when I use them, so they cannot be re-used, right?

        Or you mean he can somehow break the OTP encryption by having a number of valid OTPs?

        My other option was to have a very long password consisting of:
        1 - me manually typing a password I remember
        +
        2 - a static password sent from the Yubikey

         
  • Paul
    Paul
    2014-01-09

    The OTPs are only of use once, but if the attacker has copied the relevant files and OTPs he will have access to your database. Breaking the master password from OTPs is very much more difficult than copying everything, but everything can eventually be broken.

    A long and complex password is probably the best option because it is always available when you want it, assuming you can remember it, where the Yubikey password is unknown to you and not available if you lose the Yubikey.

    cheers, Paul

     
    • CYPER
      CYPER
      2014-01-10

      How would an attacker break the DB from only having used OTPs and the DB?
      Is that even possible?

      In regards to the Yubikey password - why do you say it is unknown?
      For the static password option you can print it on a piece of paper as a backup.
      For OTP mode you can do the same for the private key.
      So if you lose the Yubikey you just use the paper backup to open the DB and then set new password/OTP.

       
  • CYPER
    CYPER
    2014-01-10

    I replied in that thread, so hopefully he responds too :)

    One guy there made a good remark: that if you can open the DB with the private key of the OTP that is like a 2nd static password, so how is that different from using a single static password that is a combination of a password I know and I type manually and a password I have and added from Yubikey?

     
  • Paul
    Paul
    2014-01-11

    The OTP secret key is only used for recovery when your OTP is out of sync. It is not an additional key.

    You can use any form of master key that suits you, just make sure if it includes a key file or Yubikey static password, that you have a backup of that and that you have tested recovering your data from the backup.

    cheers, Paul