nixpkgs-suyu/nixos/modules/system/boot
Moritz Maxeiner 8e74e1fded Replace the current Yubikey PBA implementation with the previous one.
Rationale:
  * The main reason for choosing to implement the PBA in accordance
    with the Yubico documentation was to prevent a MITM-USB-attack
    successfully recovering the new LUKS key.
  * However, a MITM-USB-attacker can read user id and password when
    they were entered for PBA, which allows him to recover the new
    challenge after the PBA is complete, with which he can challenge
    the Yubikey, decrypt the new AES blob and recover the LUKS key.
  * Additionally, since the Yubikey shared secret is stored in the
    same AES blob, after such an attack not only is the LUKS device
    compromised, the Yubikey is as well, since the shared secret
    has also been recovered by the attacker.
  * Furthermore, with this method an attacker could also bruteforce
    the AES blob, if he has access to the unencrypted device, which
    would again compromise the Yubikey, should he be successful.
  * Finally, with this method, once the LUKS key has been recovered
    once, the encryption is permanently broken, while with the previous
    system, the LUKS key itself it changed at every successful boot,
    so recovering it once will not necessarily result in a permanent
    breakage and will also not compromise the Yubikey itself (since
    its secret is never stored anywhere but on the Yubikey itself).

Summary:
The current implementation opens up up vulnerability to brute-forcing
the AES blob, while retaining the current MITM-USB attack, additionally
making the consequences of this attack permanent and extending it to
the Yubikey itself.
2014-02-03 22:50:17 +01:00
..
loader gummiboot module: Don't use obsolete environment.nix option 2014-01-05 15:53:39 -05:00
kernel.nix nixos initrd: load atkbd, not xtkbd 2013-12-23 09:01:45 +01:00
kexec.nix Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
luksroot.nix Replace the current Yubikey PBA implementation with the previous one. 2014-02-03 22:50:17 +01:00
modprobe.nix pull module blacklist from Ubuntu and use it by default 2014-01-28 12:52:36 +01:00
readonly-mountpoint.c Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
shutdown.nix Disable various services when running inside a container 2013-11-26 18:19:45 +01:00
stage-1-init.sh Shut up "failed to resume" warning if there is no resume device 2013-10-30 18:47:43 +01:00
stage-1.nix Add support for lightweight NixOS containers 2013-11-27 17:14:10 +01:00
stage-2-init.sh Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00
stage-2.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
systemd-unit-options.nix Allow services to specify a pre-stop script 2013-11-26 18:24:55 +01:00
systemd.nix systemd: Enable specifying extra config files for a unit 2014-01-18 11:10:39 -05:00