I've created a new plugin for keepass2 to allow challenge-response 2nd factor authentication. This is superior to OTP in certain scenarios; for example, it allows you to use multiple yubikeys to access the same database. You can find it at https://sourceforge.net/projects/keechallenge/. It's very much an alpha release right now, so be warned. That said, it runs well on my system. If there are any other developers out there who'd like to contribute (especially those with Mono experience) please let me know.
Very nice, thanks for creating this plugin!
I've added it to the KeePass plugins page:
Hi Ben, thanks for creating this. I have some concerns with regards to the security of this plugin. I posted my question on stackexchange (http://security.stackexchange.com/questions/57366/keepass-otp-plugin-circumvents-inbuilt-protections) but have no answers so far.
My question is:
According to the documentation, a secret is encrypted and can only be decrypted using the TOTP. However if it is done so, isn't the weak link now the encrypted xml file (plus there is a recovery key backdoor) rather than the encryption algorithm of KeePass? As far as I can tell, things that KeePass does to keep itself safe from brute attacks (e.g. encrypt multiple times) are compromised by the use of this plugin. Am I right or did I miss something?
From my reading of the doco I think the secret is the master key to your database. An attacker, knowing this, can attempt to brute force the database using passwords conforming to the format of the secret. At this point the usual KeePass brute force deterrents come into force. An attacker does have a much smaller list of possibilities to work with, which is the same for any OTP implementation in KeePass at present.
Sorry I took a while to notice this post. KeeChallenge uses the shared secret stored on the yubikey as the encryption key. This secret should exist in 3 places: on the yubikey, written down on paper somewhere secure, and encrypted in the xml file. The secret in the xml file is encrypted using AES256 symmetric encryption. The encryption key is the SHA hash of the expected response. The yubikey secret itself is 20 random bytes, which does reduce the search space slightly. I'd leave it to a crypto professional to judge the security of these attack vectors, but my research indicates that they're sufficiently secure.
However, this is all a moot point. For a truly secure database you should never rely on just the yubikey. KeeChallenge is intended to be used to form a composite key in combination with a master password. When used in this way, we get to take full advantage of all of KeePass' built-in security measures and it ensures that simply stealing the yubikey won't compromise your database. I will clarify this on the main page and in the readme. Thanks for your input!
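The wrapping scheme described in the two posts above, written out as an added Go example (not the plugin's own C# code): the token answers a stored challenge with HMAC-SHA1 over its 20-byte secret, the side file holds that same secret encrypted under a key hashed from the expected response, and a wrong response cannot unwrap it. SHA-256 for the "SHA hash", AES-GCM as the AES-256 mode, and the sample secret and challenge are assumptions, since the thread does not state the exact choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
)

// yubikeyResponse models the token's HMAC-SHA1 challenge-response slot:
// the 20-byte secret never leaves the YubiKey, only the response does.
func yubikeyResponse(secret, challenge []byte) []byte {
	m := hmac.New(sha1.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// aeadFromResponse derives the AES-256 key as SHA-256 of the response.
// The thread only says "SHA hash"; SHA-256 and AES-GCM are assumptions.
func aeadFromResponse(response []byte) cipher.AEAD {
	key := sha256.Sum256(response)
	block, _ := aes.NewCipher(key[:]) // 32-byte key, cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// wrapSecret encrypts the secret for the side file under the response
// expected for a stored challenge; output is nonce || ciphertext || tag.
func wrapSecret(secret, challenge []byte) []byte {
	gcm := aeadFromResponse(yubikeyResponse(secret, challenge))
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, secret, nil)
}

// unwrapSecret recovers the secret from a fresh token response; a wrong
// response yields a wrong key and the GCM tag check fails.
func unwrapSecret(blob, response []byte) ([]byte, error) {
	gcm := aeadFromResponse(response)
	if n := gcm.NonceSize(); len(blob) >= n {
		return gcm.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("blob too short")
}
```

The unwrapped secret is then one component of the KeePass composite key next to the master password, which is what makes the side file alone, or the token alone, insufficient.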