1

Contemplating using YubiKey’s challenge-response feature to hash public passphrases.

By public, I mean an attacker could potentially exfiltrate the passphrases, but, not having the YubiKey*, the passphrases would be useless.

Is such a scheme secure in 2022, and is it quantum-computing safe?

Thanks for helping out!

*The HMAC is computed on the YubiKey using a secret stored on its secure element.

sunknudsen
  • 199
  • 8
  • 1
    Related: https://crypto.stackexchange.com/q/26510/54184 – forest Aug 30 '22 at 19:39
  • 1
    When designing a new protocol, you shouldn't use HMAC-SHA1 because there are better alternatives. However, it's currently fine, and if something like the YubiKey uses HMAC-SHA1, you obviously can't change what's supported and probably shouldn't worry as they will hopefully update things when something becomes broken. – samuel-lucas6 Aug 30 '22 at 19:52
  • 1
    I'm voting to close as a duplicate of the 2015 thread. The earlier thread was relevant because it came after a breakthrough of SHA-1 cryptanalysis, which opened the question of whether that breakthrough was applicable to HMAC-SHA-1. Since then there has not been another breakthrough and we don't need a new thread each year. – Gilles 'SO- stop being evil' Aug 30 '22 at 20:32
  • @Gilles'SO-stopbeingevil' Does the accepted answer still hold strong in 2022? – sunknudsen Aug 30 '22 at 20:42
  • 2
    Yes, as I said, there hasn't been any qualitative change since then. Neither on applying the collision finding to break HMAC, nor on a different break against SHA-1. – Gilles 'SO- stop being evil' Aug 30 '22 at 20:46

1 Answer

1

HMAC-SHA1 is supposed to still be secure, since the security of HMAC only requires weak collision resistance of the underlying hash. Mihir Bellare had a paper from the mid-2000s discussing this in detail, but I can't find an active link for it now. However, he apparently did some later work with some others on the subject that you can find here.

As for your QC question, I don't know.

Swashbuckler
  • 2,053
  • 10
  • 8
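The scheme from the question and the HMAC construction the answer refers to, as an added example that is not part of the original question or answer and not Yubico's code. It builds HMAC-SHA1 from scratch per RFC 2104, checks it against Python's `hmac` module, and models the token with a constructed 20-byte secret and an assumed 64-byte challenge limit; on a real YubiKey that secret stays on the secure element and only the response leaves the device.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 block size in bytes; HMAC pads the key to this length

def hmac_sha1_from_scratch(key: bytes, message: bytes) -> bytes:
    """RFC 2104 HMAC over SHA-1: the key is mixed into an inner and an outer hash,
    which is why HMAC does not need full collision resistance of SHA-1."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).digest()

# Constructed stand-in for the secret that, in the question's scheme, lives on
# the YubiKey's secure element. A real token never reveals it; it is a local
# value here only so the scheme can be run end to end.
TOKEN_SECRET = bytes.fromhex("0102030405060708090a0b0c0d0e0f1011121314")  # 20 bytes, constructed

def token_response(secret: bytes, challenge: bytes) -> bytes:
    """Model of the token's challenge-response slot: HMAC-SHA1(secret, challenge)."""
    if not 1 <= len(challenge) <= BLOCK_SIZE:
        raise ValueError("challenge must be 1..64 bytes")  # assumed token limit
    return hmac.new(secret, challenge, hashlib.sha1).digest()

def derive_key(passphrase: str, secret: bytes = TOKEN_SECRET) -> bytes:
    """The question's scheme: a public passphrase becomes a 20-byte secret
    that only the holder of the token can recompute."""
    return token_response(secret, passphrase.encode("utf-8"))

def attacker_guess(passphrase: str) -> bytes:
    """What someone holding only the exfiltrated passphrase can compute:
    a keyless hash, which does not match any token response."""
    return hashlib.sha1(passphrase.encode("utf-8")).digest()
```

The check that matters for the question is that `derive_key` changes entirely when the token secret changes, while `attacker_guess` is fixed by the passphrase alone; a stolen passphrase list therefore yields nothing without the device.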