Newbie question - lost device


Joe First

Dec 11, 2019, 5:41:22 PM
to FIDO Dev (fido-dev)
Hello everybody, this is the situation I am trying to understand how that would be solved: I am running Windows 10, so I can use FIDO2 for logging into my account in Windows, and I can also use FIDO2 for logging into one protected web server I use. I tested both with a Trezor device, which is also used for storing cryptocurrencies. I would really like to use my wallets as hardware tokens to access my devices and websites. In addition to my Trezor I also own a Ledger Nano S. I can set both devices to use the same private keys and I can use them to access all the accounts in the cryptoworld.

What I noticed is: I installed FIDO on the Trezor and used it to protect my Microsoft account and the website. I can log in to both with no problem. Then I installed the FIDO app on the Ledger Nano S, thinking I would be able to use it in case I lose one of those devices. I did a test and the outcome is a "This security key does not look familiar" message on my screen. When I look here: https://support.ledger.com/hc/en-us/articles/115005198545-FIDO-U2F it says I can use any other Ledger Nano S. But I cannot use FIDO on 2 of them. That confuses me even more.

What will happen if my Trezor gets broken? Will I have to buy another Trezor even when I have another device using the same keys by hand? Am I forever stuck if Trezor stops selling their devices? Will the updates of firmware in Trezor present a danger for me? How about the Ledger Nano S... How does the computer know I am not using 2 devices when the seeds and passwords are the same? Is there any way I could use the other brand as a replacement, without any further purchases? I will be happy for any clarification. Thank you all for any responses in advance.

Emil Lundberg

Dec 12, 2019, 4:09:33 AM
to fido...@fidoalliance.org

I'm not familiar with how Trezor and Ledger devices work, but my initial guess would be that your Ledger device doesn't recognize the key handles (WebAuthn calls them "credential IDs") created by the Trezor device.

U2F credentials, and non-resident WebAuthn credentials, work by encrypting the private key in some unspecified format and returning that ciphertext to the server as the key handle; when challenged to authenticate, the authenticator receives the key handle back, unwraps the private key and signs the challenge. So for that to work with the same credentials on two authenticators, the authenticators first of all need to have the same wrapping key. Second, both devices need to understand each other's key wrapping formats so they can unwrap each other's key handles. I wouldn't assume that either of these requirements is satisfied, as the Trezor and Ledger firmwares may differ both in how they derive the wrapping key from the root key material, and in their respective wrapping/unwrapping algorithms.

Even if there is a way to get all of that work, there is an additional complication: the signature counter, which was specifically designed to counter your use case. When a credential's signature counter decreases, servers might reject the login attempt or even invalidate the credential. So to make sure everything works, you would have to also synchronize the signature counter between the devices.

So I wouldn't expect it to be possible to use two different authenticators as direct backups of one another. The generally accepted workaround for U2F is to instead register both devices as separate U2F authenticators.

Emil Lundberg

Software Developer | Yubico


Emanuele Cesena

Dec 12, 2019, 4:26:53 PM
to Joe First, FIDO Dev (fido-dev)
In U2F and FIDO2, the private keys used to authenticate to websites are derived on the fly from a master secret (and data from the website, typically the appid). The derivation function is not specified and can differ by vendor. In addition, it’s not even guaranteed to be derived from the private key you use for cryptocurrencies. The best you can do is to look at the source code and figure out the details and differences.

To the best of my knowledge Ledger only supports U2F — if you’re interested in making a FIDO2 plugin, we have a ton of code ready for you to take. Trezor may have FIDO2 in progress (but I don’t really know the status) because they committed code to our test repository:

But again, this doesn’t tell you anything on how FIDO private keys are derived.
Same goes with firmware updates. I can assume they’ll do their best to maintain compatibility, but there’s no guarantee.

There’s another important detail on the topic of a backup key. In FIDO there’s a counter. If you have 2 identical keys A and B and you’re using A, you’re incrementing a counter inside key A. When you lose A and want to start using B, you have to increase B’s counter enough. To my knowledge there’s no way to do this on any key on the market.

The approach that FIDO took is very different from cryptocurrencies. A security key is a unique device that you can’t back up/replace. You should buy and register multiple keys.

[Now advertising a bit] If you want to do your own things, you can play around with a Solo Hacker. Be reminded about the counter, meaning even if you store the same master secret in 2 keys, you won’t be able to arbitrarily use either of them. You need to use A, until you use, then “promote” B by increasing the counter, then continue to use B. Also note that currently this use case is not officially supported, so there’s manual work and coding involved.

Hope this helps,


-- 
Emanuele Cesena <e...@solokeys.com>

The body has no ideals

Andrew Kozlik

Dec 12, 2019, 4:59:28 PM
to Joe First, FIDO Dev (fido-dev)
Well, the main problem is that Ledger devices don't support FIDO2, so I don't think you can use them for logging in to Windows. All Trezor and Ledger devices implement the older FIDO/U2F protocol. The only cryptocurrency wallet which also implements the new FIDO2 protocol is the Trezor Model T.

As for FIDO/U2F interoperability, from glancing at Ledger source code it looks like they copied the key handle format that we use in Trezor. In that case loading any Trezor or Ledger Nano with the same seed would mean they can "unwrap" each other's FIDO/U2F key handles, but you will still run into issues with the signature counters on the two devices clashing as explained by Emil.

The signature counter is a real nuisance. It was meant to protect against device cloning, but it doesn't really stop a malicious party from cloning the device and merely complicates matters for legitimate users who want to create a backup of their authenticator, because some sites won't allow them to register more than one authenticator at a time. In FIDO/U2F the signature counter is mandatory so we can't do anything about it. Fortunately, in FIDO2 the signature counter is optional and based on our experiments most RPs, including login.microsoft.com, don't require using it. Let's hope it stays that way.

FIDO2 brings a lot of great new features. For this reason we had to design a new key handle / credential ID format for the Trezor T which is documented in SLIP-0022 (https://github.com/satoshilabs/slips/blob/master/slip-0022.md). The old FIDO/U2F key handle format is still supported on the Model T, but credentials created using FIDO2 won't work with devices that only support FIDO/U2F. So that probably explains the "not familiar" message you are getting.

> What will happen if my Trezor gets broken?

Buy a new one and reload it with the same seed. All non-resident credentials are backed up by your recovery seed. If you have any device-resident credentials (only used for FIDO2 passwordless login), then you can create a backup of those too by saving their credential IDs. See https://wiki.trezor.io/FIDO2_Credentials for instructions.

> Will I have to buy another Trezor even when I have another device using the same keys by hand?

Depends if the other device supports FIDO2 and SLIP-0022. Currently the Trezor T is the only one on the market, but sooner or later other brands will follow suit.

> Am I forever stuck if Trezor stops selling their devices?

I really wouldn't worry about this, especially given the fact that it is well documented and the entire Trezor project is fully open source with a large community of contributors and enthusiasts.

> Will the updates of firmware in Trezor present a danger for me?

No. But be sure to keep a backup of your recovery seed and optionally any device-resident credential IDs (see above). If a firmware update is interrupted, e.g. due to a faulty USB connection, these might get deleted for security reasons.

> How about the Ledger Nano S... How does the computer know I am not using 2 devices when the seeds and passwords are the same?

Signature counter, see above.

> Is there any way I could use the other brand as a replacement, without any further purchases?

Wait for them to implement FIDO2 and SLIP-0022.

Andrew Kozlik
Cryptography Specialist at SatoshiLabs
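To make the signature-counter point from Emil's and Andrew's replies concrete, here is an added simulation (not code from any poster, nor from Trezor, Ledger or SoloKeys) of the relying-party check that rejects a second device sharing the same seed. The HMAC-based per-site key derivation and the MAC used in place of an ECDSA signature are constructed stand-ins for the vendor-specific derivation and real signature; the counter rule is the one WebAuthn specifies for verification.

```python
import hmac
from dataclasses import dataclass
class ClonedCredentialError(Exception):
    pass  # counter regression: the RP must assume the credential may have been cloned

@dataclass
class Authenticator:
    # Constructed U2F-style device (not Trezor/Ledger firmware): shared seed, separate counters.
    name: str
    seed: bytes
    counter: int = 0
    def derive_key(self, app_id):
        # Per-site key from master seed + appid; vendors use their own unspecified derivation.
        return hmac.new(self.seed, app_id.encode(), "sha256").digest()
    def sign(self, app_id, challenge):
        self.counter += 1  # incremented on every assertion, as U2F requires
        msg = self.counter.to_bytes(4, "big") + challenge
        # HMAC stands in for the ECDSA signature so the demo can verify it symmetrically.
        return self.counter, hmac.new(self.derive_key(app_id), msg, "sha256").digest()

@dataclass
class RelyingParty:
    app_id: str
    stored_key: bytes  # a real RP stores the credential public key instead
    stored_counter: int = 0
    def authenticate(self, auth, challenge):
        count, sig = auth.sign(self.app_id, challenge)
        msg = count.to_bytes(4, "big") + challenge
        if not hmac.compare_digest(hmac.new(self.stored_key, msg, "sha256").digest(), sig):
            raise ValueError("signature does not verify")
        # WebAuthn verification step: if either counter is non-zero, the new value must be greater.
        if (count or self.stored_counter) and count <= self.stored_counter:
            raise ClonedCredentialError(f"{auth.name}: counter {count} <= stored {self.stored_counter}")
        self.stored_counter = count
        return count

def backup_device_scenario():
    seed = b"constructed demo seed, not a real wallet seed"
    dev_a, dev_b = Authenticator("A", seed), Authenticator("B", seed)
    rp = RelyingParty("https://example.test", dev_a.derive_key("https://example.test"))
    for _ in range(3): rp.authenticate(dev_a, b"challenge")
    try:
        rp.authenticate(dev_b, b"challenge")  # B's signature verifies, but counter 1 <= stored 3
        backup_accepted = True
    except ClonedCredentialError:
        backup_accepted = False
    dev_b.counter = dev_a.counter  # "promote" B by advancing its counter, as Emanuele describes
    rp.authenticate(dev_b, b"challenge")
    return {"a_counter": dev_a.counter, "backup_accepted": backup_accepted, "final_counter": rp.stored_counter}
```

Device B is rejected even though its key unwraps correctly, which is exactly the failure mode a shared-seed backup runs into; registering each device as a separate credential avoids the check entirely.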
