On Thu, 7 Oct 2010, Ricky Zhou wrote: > On 2010-10-07 07:25:47 PM, Mike McLean wrote: > > On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters <p...@xelerance.com> wrote: > > > I have one and I've played with it in fedora. There is however an > > > important > > > catch. The server and the yubikey share the same AES symmetric key. This > > > means > > > that if the yubikey is used for multiple sites by one user, that user is > > > sharing > > > is his "private key" over various external sites. > > > > > > So if fedoraproject would accept it, and the same user uses this yubikey > > > for > > > another site, and that other site gets hacked, then fedoraproject could be > > > hacked as well. > > > > > > I guess in a way it is like using the same password, but people might not > > > be > > > thinking of that when they have a "device" on them that they use. > > > > Wow, that's a serious weakness. Are we sure about this? > In order for this to happen, the user would have to explicitly take down > the generated AES key while it is being written to the key and then > submit it to the other site. I don't think this is really something we > need to worry about. >
I had this atack in mind when I designed the burn script. The key never touches the drive during the burning process s othe attack window here, while real, is very tiny. Certainly safer then typing your username and password everywhere all the time :) -Mike -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel