Ask HN: Alternatives to Yubikey?
I haven't had a good experience with Yubikey's support and sales team and I'm looking for an alternative.
What other keys are people actively using?
I'm interested in something with equivalent features to the Yubikey 4 (NFC not required, U2F mandatory).
This came up last week on the OpenPGP discussion; here's a re-post -- no one else has mentioned the sc4-hsm yet. https://news.ycombinator.com/item?id=14495213
Open source (-ish?) Yubikey alternatives:
- https://sc4.us/hsm/ $75 | https://news.ycombinator.com/item?id=12053181
- https://trezor.io/ $99 | https://news.ycombinator.com/item?id=10795087 (not much on HN)
- https://www.floss-shop.de/en/security-privacy/smartcards/13/... €16.40 (OpenPGP Smart Card v2.1; 4096-bit keys)
- https://www.fidesmo.com/fidesmo/about/privacy-card/ €15 (NFC only; recommended by the terminated SIGILANCE OpenPGP Smart Card project; 2048-bit keys)
It's a bit offputting that the SC4 calls itself a "hardware-secure module" which seems to be a unique term (vs hardware security module).
It's worth considering: almost nobody who uses Yubikeys loves them, but they are by a wide margin the tokens experts recommend most.
I use my yubikey and I love it. I have it set up to do GPG, SSH, TOTP, and U2F and it works great. It is worlds better than any other Smart Card or second factor out there, and U2F is literally just plug it in and tap it.
Have you got a writeup of the ssh setup methodology you used? (I've tried scouting around, but not found anything clear yet. Someone's done native support in ssh, but the patch set is hung up on licensing issues and technical quibbles[1], and some of the PAM-based setups seem to require cut-and-paste of crypto strings on every login.)
I use this: http://www.bootc.net/archives/2013/06/09/my-perfect-gnupg-ss... Coupled with a standard yubikey+gpg agent setup Maybe look at my dotfiles if you are stuck:
Thanks!
The U2F bit is a dream, yes. The rest of it not so much.
What do you recommend?
Is there any sort of backup in case it gets destroyed or lost? Can you clone it?
The entire security model depends on the devices being uncloneable.
But my security model does not allow putting myself in a position where I am stranded without my second factor (or doing huge amounts of work re-registering everything).
That's why you set up backup factors. It is for the same reason that services like Google Mail won't let you set up a U2F token without a backup factor.
The only backup I know of is getting another key that you register in the same way as the first key. Hopefully they don't both break at the same time.
The problem is largely with their docs, or lack thereof. Just figuring out how to use one as a token for ssh is incredibly painful. The docs are very "enterprise," meaning half-done, overly complicated, confusing, scattered, etc.
It is extraordinarily annoying to set up a Y4 for SSH. We use gpg-agent in ssh-agent compat mode. It would be better if they supported the OpenSSH PKI format.
There was a series of changes, e.g. regarding platform keys, software source availability etc etc. I think there were some "I don't endorse this anymore" posts, although I don't really remember the details.
I've read "I don't endorse this" from open source advocates, but none from crypto engineers.
I recommend the OnlyKey: https://www.amazon.com/OnlyKey-Color-Password-Manager-Obsole... The device uses strong encryption (where legal), and goes beyond U2F to include password management, certificate storage, OTP/Google Auth, and plausible deniability. The hardware is teensy-based, and the firmware is open source. The devs have released fairly regular updates, and even encourage hacking on it to meet custom needs.
Given Amazon's problems with counterfeit items, I'm not sure I'd buy something like that from them.
Thanks! I didn't know about the OnlyKey, being a Teensy fan and looking for a yubikey alternative, this looks really good. I already ordered one :) I love the feature they keep passwords in fact on the device itself, not as a key to enable password manager. I was looking for something like that.
If only they offered strong encryption for Europe! Does not ship to the Netherlands... Meh!
They have an international version that does not ship with encryption of the data stored on the device, to deal with the various laws around encryption in other countries. However, there's no hardware difference, and since it's all open-source, there's nothing stopping you from loading the "US" firmware on the "International" version. More info at their site: https://crp.to/
Perfect. Thank you!
I think for international customers it's better to buy a working product with international support like yubikey rather than a crippled product like this.
You can buy the international edition with PayPal and re-flash it.
I am interested to find out more info on the tamper-resistance of the hardware.
Trezor? https://blog.trezor.io/secure-two-factor-authentication-with... It is also hackable: https://doc.satoshilabs.com/trezor-tech/resources.html
Another hardware wallet that supports FIDO/U2F is the Ledger Nano S: https://www.ledgerwallet.com/products/ledger-nano-s The downside of this and the Trezor is that you need a cable to connect it to a device.
While we're at it, is there one that:
- Lets me store certificates and PGP keys
- Has two factor authentication (U2F)
- Has open hard and software (source-available)
Basically, a USB pen drive that allows U2F, and can be made read only (either by a switch or only writable over a special interface). I don't really need tamper-resistance, pre-generated keys, smart cards or any other advanced features.
The difficulty with PGP keys, is that the most common implementation, GPG, wants complete control of the device and does not let it be shared so that other interfaces, like PKCS# can be used. So if you want something for both GPG and other purposes, it really needs to present as two separate devices, or you need to go hacking a branch of GPG.
When I looked into doing this, it seemed that upstream would not be interested in interoperation with other smart card standards, so it may not get accepted into upstream. At least that was my experience. If somebody can correct me, I'd be incredibly grateful.
I can suggest using TREZOR and Ledger Nano S hardware devices for common GnuPG operations, e.g. signatures and decryption. Please take a look at https://github.com/romanz/trezor-agent/blob/master/README-GP... for more details. Disclosure: I am the main developer of this project.
Huh, interesting. I didn't even know GPG could handle devices as such. I was just looking for a device that holds my key files (like for email, ssh, ...). Would of course be great if you could hand the device some plaintext and it would encrypt it without the key leaving it, but I didn't even think about that to be honest. But it makes sense :-).
Boot time and physical size might prove to make it unwieldy, but could you use a Pi Zero in a gadget mode with OTG? You can have it emulate USB HID, so presumably U2F would be workable, and it'll do USB Mass Storage too. Open hardware and software.
Unless you install some TPM module, RPi itself has no tamper-resistant storage and has DFU (so, basically plug it into a wrong device and it'll be able to run arbitrary code, pulling all secrets). An FST-01 is a somewhat better choice, but Gnuk doesn't implement U2F. If someone has enough time and knowledge I don't see why it won't be possible to add it, though.
Parent-poster said tamper-resistance wasn't an issue in their usage case. But are you sure it'll DFU over USB? If so, for avoiding DFU, could you use some simple hardware to disable the data lines on the OTG port until the Pi had finished booting? Could one use an i2c or spi based crypto chip for key storage?
Actually, no. I think I have confused RPi with some other board. Don't have Pi at hand to test for sure, but searching online can't find mentions of USB DFU.
I think I may be mistaken.
NitroKey (https://www.nitrokey.com/) is the non-crappy version of YubiKey.
I have two of their U2F and if the OP's problem is sales and support, I'm not really sure Nitrokey are without issues as well:
1) Ordered 2, received 1. Thankfully, support quickly sent the second one once I wrote to them.
2) Now they only work when I plug something else to another port to my Mac (no such problem with Yubikey). No reply since April 29: https://support.nitrokey.com/t/nitrokey-u2f-issues-in-macos-...
Edit: I now noticed they have a different U2F version — the previous one was a card that you fold to make it into a USB dongle.
Feedback from Nitrokey (I'm working with them):
1) We are changing our warehouse process, adding a technical QA step, so that such mistakes won't happen anymore. Sorry for the trouble.
2) As you noticed, the former U2F is going to be replaced by a new FIDO U2F device which contains a full USB plug for better reliability, is more durable and has a touch button.
Great, thank you!
+ It is (fully) open source
- Doesn't support U2F (yet)
- Supports only one password manager [1]
- Recommends using their own password manager (That has a limit of 16 passwords)
[1] https://www.nitrokey.com/documentation/applications#a:passwo...
Unfortunately it's not _fully_ open source. They don't say it anywhere on their webpage, but they use an [OpenPGP Smart Card](https://www.g10code.com/p-card.html) internally, where some of the implementation by ZeitControl isn't open source. g10 has a reference implementation that is fully open source, but there's some additional (timing?) attacks that Zeitcontrol has implemented and cannot release.
Note the NitroKey start is a gnuk implementation and is fully open source. The tamper-resistant models are using the BasicCard with Zeitcontrol software.
According to that page, the only variant that does U2F does nothing but U2F.
yeah what is with that? I want all the boxes ticked!
What is non-crappy about it compared to the YubiKey?
Here is a list that someone has collated - http://www.dongleauth.info/dongles/
The alternative to Yubikey that I am aware of is NitroKey, but can't say I am aware of how they match up, feature for feature
It's fully open-source, but the only standard application currently supported is U2F. Disclosure: this is my product.
FYI your website is blocked by my work proxy:- Access Denied (content_filter_denied) Your request was denied because of its content categorization: "Placeholders"
Very sorry about that, but I have no idea what I can do about it. The page is not a placeholder. It's a very generic Bootstrap page with real content.
I've given up on yubikey at this point. I love the form factor, but it was easier in the end to build a different second factor infrastructure than it was to deal with the company. I've been toying with the idea of building an open source replacement and fabbing it with a shuttle service but ultimately the cost is really too high to justify.
What was your issue with support? I've had 2 Yubikeys replaced at their cost after published security exploits highlighted shortcomings. Also haven't had one fail on me yet. Would be curious to learn what your experience was.
They are unresponsive for really simple questions (email/Twitter). Their local reseller is not interested in non-business sales.
What are you hoping to do with yubikey / what was your question?
The DIY open source alternative: https://u2fzero.com/
Is...that...safe? I'm all for a DIY solution, but considering how much of a pickle I'd be in if all of my 2FA tokens were inaccessible, wouldn't the average person want some kind of case or shielding around the exposed board? Give me an enclosure like Samsung's metal flash drives[0], and then I'd be sold. [0] https://www.amazon.com/Samsung-METAL-Flash-MUF-32BA-AM/dp/B0...
The Github page has this to say: "The token should be durable enough to survive on a key chain for years, even after going through the wash." [0] I'd guess covering it all with hot glue would provide sufficient protection.
Hot snot gets icky with time, rather use a conformal coating; they're available in spray-form as well (e.g. CRC Urethan or Plastik 70). That being said FR4 is a really tough material and it's quite difficult to pry SMD parts off.
Those Samsung flash drives are nice, I have several. ~22MB/s write, and ~130MB/s read.
Slightly out of topic, is it possible to create one with similar function to yubikey with USB flash drive?
For me, the ideal solution would be a cross platform password manager software which stores your encrypted vault ... somewhere -- I hate the "cloud" word but let's use it -- and then has a small display which the password manager on your phone can read and decrypt the vault with it. It's just a few hundred (thousand at most) bits that you need to carry across, not a big deal. For desktop / laptop / charging, it needs to be USB pluggable. Physical form factor approximately like https://www.adafruit.com/product/2690 this or http://www.ebay.com/itm/Mini-4GB-LCD-Screen-Display-MP3-Musi... this. The problem currently is a) most sites want passwords b) I do not want to mess with cables c) NFC is not ubiquitous.
Not exactly Yubikey but USB Armory has some close features: https://www.crowdsupply.com/inverse-path/usb-armory The following example security application ideas illustrate the flexibility of the USB Armory concept:
I too had poor experience with support and also weak documentation, but I pushed through it and I'm very happy with the product now that it's integrated with my app. They seem to practically 'own' the space and I have some confidence in the longevity of the product.
The Feitian ePass: https://www.amazon.com/Feitian-ePass-NFC-FIDO-Security/dp/B0... Can't vouch for it (either product or support), but it exists.
Nitrokey (formerly CryptoStick) AFAIK they are used at Mozilla. The Firmware is Open Source. Downside is that not all their dongles support U2F.
Actually, none does: https://www.nitrokey.com/#comparison The only dongle to support U2F is currently only available for pre-order, with ETA in autumn 2017.
There's also this thing
https://www.protectimus.com/protectimus-slim-mini
A little different because it does not plug in, but very convenient. It seems like the usb key solutions are likely to get left plugged into the port, and so get stolen along with the laptop. The protectimus idea is to keep the key on you at all times.
Sounds like an opportunity for someone to make consulting money.
I have found their docs lacking, but never tried support. Once I muddled through and figured out what I needed, I have been very happy. That said, I have looked for alternatives and found none. I am most disappointed in the mediocre coverage of their RDP drivers. I need to use all the features over RDP. Some work and some don't.
Perhaps? * Do not allow smart card redirection Group Policy object
Can some folks also speak to the audit consensus on some of these? It seems with many of the newer / open source solutions, few of the end products actually got audited by a competent external security firm / researcher, right?
I just wonder - if the same key is used for enabling password manager and 2FA ... is it still 2FA? I mean, having the token you get both access to password and second factor to a service.
I'm annoyed that Lastpass still doesn't support U2F, and I don't really understand the delay at this point. Their official response is "because not all browsers support it". It could be a valid business decision (I.e. uneven browser support will confuse our users and increase costs) but I think they are just using that as a delay tactic.
Out of curiosity... is Google Authenticator dead? The iOS app hasn't been updated in quite a while (Feb 22, 2016).
Does it need an update?
I'd love to be able to select the background color of entries and edit the text at the top of the entry, rather than just the bottom.
Try authy or freeotp or any of the other available on f-droid
I've had good experiences with Yubikeys thus far. I still have two of the Symantec VIP tokens from years ago that I've never had issues with.
I recently bought a Neo to test out NFC (NFC support on the HTC 10 seems deplorable for smart card reading btw). I also purchased a few 4c tokens and so far they've worked great although I haven't been using them for very long.
The gotchas I've encountered while using them on OSX:
For people asking about backing up material on OpenPGP modules: these are write only. Generate your material locally with gpg instead of generating them on the smart card itself and use the keytocard command to copy the keys to the card. You can backup your keyring prior to moving keys and restore it before copying keys to each card or ctrl c out of gpg without saving the keyring references for the material that was moved to the smart card.
I used bits and pieces from a few guides to get the setup I wanted as this was my first experience with smart cards and advanced use of pgp:
- https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubike...
- https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac
- http://suva.sh/posts/gpg-ssh-smartcard-yubikey-keybase/
- https://www.jfry.me/articles/2015/gpg-smartcard/
- https://spin.atomicobject.com/2013/11/24/secure-gpg-keys-gui...
- https://alexcabal.com/creating-the-perfect-gpg-keypair/
Overview of my process (on an air gapped machine):
https://developers.yubico.com/ykneo-openpgp/ResetApplet.html https://www.yubico.com/support/knowledge-base/categories/art...
SecurID has been the gold standard for more than a decade. Not to dismiss YubiKey but companies that can afford 2 factor and take security seriously already have SecurID for a long time.
SecurID is just an expensive TOTP implementation (although a very established one, as you noted)
That "gold standard" required reissuing 40 million devices in 2011 due to a single server breach. Lockheed-Martin was apparently really, really happy about it, too. If that's your desired level of security, just use any TOTP authenticator app on your smartphone.
SecurID also does private key, certificate authentication and much more. The TOTP is just one of many options.
A lot of mails going to the post office. That's one of the good things about these hardware tokens, you can decommission and replace them easily. What's expensive is to redo all your applications and systems to have 2 factor authentication. Smartphones are insecure unless you can control all your users have new Apple phones.
The problem with many affordable TOTP tokens is clock drift. Are RSA's tokens better with that?
Was there a practical attack on TOTP on smartphones that affected 40M users and spilled industrial secrets? SecurID managed to hit both of these.
mass storage device with advanced features such as automatic encryption, virus scanning, host authentication and data self-destruct
OpenSSH client and agent for untrusted hosts (e.g Internet kiosks)
router for end-to-end VPN tunnelling
Tor bridge [see this, for example]
password manager with integrated web server
electronic wallet [the Electrum Bitcoin wallet works out of the box on the USB Armory. It has been tested with X11 forwarding from Linux as well as Windows hosts.]
authentication token
portable penetration testing platform
low level USB security testing
- The "setup" instructions that are referenced in the packaging and on parts of the site are for basic use of OTP. Real documentation is here: https://www.yubico.com/support/knowledge-base/categories/gui...
- The pins for PIV and OpenPGP are separate as these are separate modules on the card.
- You can't use the PIV or NEO GUI managers and gpg at the same time. You might have to unplug and plug the token
back in when switching back and forth between GUI/cmdline Yubico tools and gpg.
- Forgetting to change my environment to use gpg-agent instead of ssh-agent.
- Typing in my local password instead of the PIV pin when logging into OSX while I have a token with PIV enabled
plugged in.
Resetting the applet if you messed up or want to start fresh:
- Configure gpg.conf.
- Generate master, subkey, and revocation material on an encrypted USB drive for offline backup of material
along with revocation certificates.
- Backup original .gnupg directory to another folder on the encrypted USB drive.
- Copy .gnupg directory to second encrypted USB drive for offsite backup.
- For each smart card I wanted the same material on:
-- Change default user and admin pins.
-- keytocard subkeys for (S)ign, (E)ncrypt, (A)uthenticate (without saving keyring).
-- Require local touch for all material ( Yubico specific: https://developers.yubico.com/PGP/Card_edit.html ).
-- move on to next card.
-- save keyring after running keytocard on the last card so the subkey material no longer exists in the local keyring, only
references to it (this might not be necessary, I need to test).
- Generate a copy of the keyring without master key to use on daily machine(s). Might also only need to have the master
material minus the key in the keyring as noted above. I haven't tested how
- Copy new keyring to another USB drive for transferring to daily machine(s).
- Configure gpg-agent.conf and gpg.conf on daily machine.
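The end state of the process listed above (primary key offline, subkeys on the card, gpg-agent answering for ssh) can be checked on the daily machine; the script below is an added example, not part of the thread. Function names and the sample key listings are constructed for illustration; `enable-ssh-support`, `gpgconf --list-dirs` and field 15 of the colon listing are GnuPG's own.

```shell
#!/bin/sh
# Added example (not from the thread): checks for a "primary key offline,
# subkeys on card" GnuPG layout with gpg-agent serving SSH.

# 0 if the given gpg-agent.conf turns on ssh-agent emulation
# (a commented-out line does not count).
agent_conf_has_ssh() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1"
}

# 0 if SSH_AUTH_SOCK ($1) is gpg-agent's ssh socket ($2), i.e. ssh talks
# to gpg-agent and not to a stock ssh-agent.
ssh_sock_is_gpg_agent() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Reads `gpg --list-secret-keys --with-colons` on stdin and prints
# "<record> <keyid> <where>". Field 15 of sec/ssb records is '#' for a
# stub (secret not in this keyring), '+' for a secret stored on disk,
# and a token serial number when the secret lives on a smart card.
# Assumption: an empty field 15 is treated as "on disk".
classify_secret_keys() {
    awk -F: '$1 == "sec" || $1 == "ssb" {
        where = "on-card"
        if ($15 == "#") where = "offline"
        else if ($15 == "+" || $15 == "") where = "on-disk"
        print $1, $5, where
    }'
}

# 0 only if the primary key is offline and every subkey is on a card.
daily_keyring_ok() {
    classify_secret_keys | awk '
        $1 == "sec" { seen = 1; if ($3 != "offline") bad = 1 }
        $1 == "ssb" && $3 != "on-card" { bad = 1 }
        END { exit (bad || !seen) }'
}

# Constructed sample listings (key IDs and card serial are made up).
SAMPLE_GOOD='sec:u:4096:1:1111111111111111:1496275200:::u:::scSEA:::#:::
ssb:u:2048:1:2222222222222222:1496275200::::::s:::D2760001240102010000000000010000:::
ssb:u:2048:1:3333333333333333:1496275200::::::e:::D2760001240102010000000000010000:::
ssb:u:2048:1:4444444444444444:1496275200::::::a:::D2760001240102010000000000010000:::'
# Same keyring, but the encryption subkey was never moved off disk.
SAMPLE_BAD='sec:u:4096:1:1111111111111111:1496275200:::u:::scSEA:::#:::
ssb:u:2048:1:2222222222222222:1496275200::::::s:::D2760001240102010000000000010000:::
ssb:u:2048:1:3333333333333333:1496275200::::::e:::+:::'

# Live check against the current user's GnuPG home: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    home=$(gpgconf --list-dirs homedir)
    agent_conf_has_ssh "$home/gpg-agent.conf" || echo "enable-ssh-support missing"
    ssh_sock_is_gpg_agent "${SSH_AUTH_SOCK:-}" "$(gpgconf --list-dirs agent-ssh-socket)" \
        || echo "SSH_AUTH_SOCK does not point at gpg-agent"
    gpg --list-secret-keys --with-colons | daily_keyring_ok \
        || echo "a secret key is still on disk (or none found)"
fi
```

Run with `--live` it inspects the current user's GnuPG home; without arguments it only defines the functions and the sample data.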