-rw-r--r-- 2020-09-28-yubikey.md 234
-rw-r--r-- Human_Brain.png bin 0 -> 136025 bytes
-rw-r--r-- YubiKey-4.png bin 0 -> 641683 bytes
-rw-r--r-- YubiKey-5-Nano.png bin 0 -> 150457 bytes
4 files changed, 52 insertions, 182 deletions
diff --git a/2020-09-28-yubikey.md b/2020-09-28-yubikey.md
index 97975de..3b1b275 100644
--- a/2020-09-28-yubikey.md
+++ b/2020-09-28-yubikey.md
@@ -1,226 +1,90 @@
-# Why?
+# Human brains are wholly inadequate for secrets
-* I realised the following some weeks ago:
- I now maintain deployment tooling for one of the most important
- websites in the world. When I make a mistake, and Wikipedia goes down,
- the whole world will notice.
+![](Human_Brain.png)
-* How can I avoid making at least some mistakes?
+<!--
-* How can I avoid the New York Times and Hacker News discussing my
- shortcomings?
+* Passwords can be brute force guessed by an attacker.
+* The only thing that helps is length.
+ - rules for what characters don't help nearly enough
+ - minimum (2010): 12 random characters
+* Human-invented passwords are rarely strong.
+* Humans can rarely memorise more than a couple strong passwords.
+ - never mind typing them correctly
+* Attacker gain more raw computing power every year. Human ability to
+ remember longer passwords has already reached its limit.
------------------------------------------------------------------------------
-
-# We have no safe place to...
-
-* Try changes to train tooling
-
-* Try out train tooling to see if it still works
-
-* Learn how to conduct the train
-
-* Experiment with changes to how we do the train
-
------------------------------------------------------------------------------
-
-# Theses
-
-* Changing `scap` or `deploy-promote` is plain old software development
-
-* Changing how we do the train is very similar to software development
-
-* We should treat the train as a software development project
-
------------------------------------------------------------------------------
-
-# (Controversial?) opinion on development (1/9)
-
-* Agile is not wrong
-
-* Agile is not right
-
-* Same for every other formal method or methodology
-
-* Higher stakes require more formalism
-
------------------------------------------------------------------------------
-
-# (Controversial?) opinion on development (2/9)
-
-* Have a rough idea of the end goal
-
- - this will change and become clearer the closer you get
-
- - that's OK, part of the process is figuring out what you (or your
- users or customers or stakeholders) really, really want
-
- - don't obsess about getting this exactly right in the beginning
-
------------------------------------------------------------------------------
-
-# (Controversial?) opinion on software development (3/9)
-
-* Make something that sort of works to start with
-
- - a prototype, spike, wireframe, sketch, whatever
-
- - it can be limited, bad, ugly, and wrong
-
- - a project with a million commits starts with hello, world
-
------------------------------------------------------------------------------
+Conclusion: we can't rely on passwords for security.
-# (Controversial?) opinion on software development (4/9)
+* Possible solutions: hardware token, password managers.
-* Iterate quickly, more or less towards the end goal
+-->
- - have a very clear goal for each iteration
-
- - get feedback at the end of the iteration, to feed into forming
- goals for future iterations
-
- - a week is usually enough for one iteration
-
- - many weeks is too long: too much changes in the world in that time
-
- - it's better to spend a week going in the wrong direction than a
- month
-----------------------------------------------------------------------------
-# (Controversial?) opinion on software development (5/9)
-
-* Experiment, make mistakes, learn
-
- - "what happens if I press this button?"
-
- - if nothing bad can happen, just press the button, and then you'll
- know
-
- - make sure it's safe to press any button
-
------------------------------------------------------------------------------
+# What are hardware security tokens?
-# (Controversial?) opinion on software development (6/9)
+![Nano](YubiKey-5-Nano.png)
-* If something is painful, do it more often
+<!--
------------------------------------------------------------------------------
-# (Controversial?) opinion on software development (7/9)
+* A small bit of physically secured computer that can do some
+ cryptography operations.
+ - can store secrets
+ - secrets can't be extracted - modulo bugs
+* Typically a USB connected smart card of sort.
+* Some kind of button for user interaction.
-* Smooth away unnecessary friction
+-->
-----------------------------------------------------------------------------
-# (Controversial?) opinion on software development (8/9)
+You should still use passwords. Two-factor authentication is stronger
+than one-factor authentication.
-* Acceptance criteria are the most important part of a software project
-
- - knowing what to do is harder than knowing how to do it
-
- - automated tests are more important that production code
+Use strong passwords: randomly generated and long. Use password
+managers. Use a different password for every site, application, device.
-----------------------------------------------------------------------------
-# (Controversial?) opinion on software development (9/9)
-
-* It's not finished, until it's run repeatedly
+# Why a Yubikey specifically
- - can your web server handle one billion sequential trivial
- read-only requests, however slowly?
-
- - can you conduct the train every week for a year?
+![Big](YubiKey-4.png)
-----------------------------------------------------------------------------
-# On development speed
+# Use cases
-* Edit, build, run, test, debug
+* web: U2F, WebAuthn
- - the inner loop of software development
- - if the loop is slow, development is slow: changes take a long time to make
+* local: disks, login
-* Anything that slows down the inner loop is bad
+* OpenPGP (sign, encrypt)
- - if the whole world notices when you make a mistake, you are
- careful making changes
- - the careful developer is a slow developer
-
-* Software development always involves making mistakes
-
- - developing things quickly requires making mistakes fast
- - each mistake teaches you something
- - but mistakes should be cheap, safe, harmless
+* SSH: via gpg-agent
-----------------------------------------------------------------------------
-# train-dev
+# Demo
-* A safe place to make mistakes related to development tooling
+* Use U2F for 2FA on gitlab.com.
-* Simulates the production environment sufficiently that if things
- work in train-dev, they hopefully work in production
+* Store GnuPG subkeys onto Yubikey
- * Does not try to be an exact replica of production
+* Configure GnuPG to use Yubikey
- * Will not always be "right", but "sometimes good enough" is vastly
- better than "try it in production and take down Wikipedia if
- you're wrong"
-
-* We'll make it be closer to production over time
-
- * Iterate, fix discrepancies as we find them
+ - scdaemon
-----------------------------------------------------------------------------
-# Overview
-
-* Nested virtual machines
-
-* Outer VM provides an environment in which inner VMs operate in
- isolation
-
-* Inner VMs provide the various servers and services needed to conduct
- the train
-
- - git server ("Gerrit")
- - a deploy server ("deploy1001.eqiad.wmnet")
-
-* The goal is to be able to run all the steps of the train inside the
- train-dev environment
-
------------------------------------------------------------------------------
-
-# Current status
-
-* The first step works
-
- * `scap prep 1.35.0-wmf.34`
- * Real scap, not one modified for train-dev
-
-* Does not access the Internet outside train-dev
-
-* An incomplete, bad, ugly, and wrong first step
-
-* Let's start iterating?
-
------------------------------------------------------------------------------
-
-# Do please try this at home!
-
-* train-dev repository on Gerrit
-
-* `vdc/README.md` has instructions
-
-* <https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/tools/train-dev/+/refs/heads/master/vdc/README.md>
-
-* There are pre-built images that you can try, no need to build your
- own. But you need to give Lars your SSH public key first so the next
- build of the image will give you access the VMs.
+# SEE ALSO
+* [`https://github.com/drduh/YubiKey-Guide`](https://github.com/drduh/YubiKey-Guide>)
+* [`https://en.wikipedia.org/wiki/Password_strength`](https://en.wikipedia.org/wiki/Password_strength)
+* [`http://web.cs.wpi.edu/~guttman/cs557_website/ papers/passwords/MorrisThompsonPasswordSecurity.pdf`](http://web.cs.wpi.edu/~guttman/cs557_website/papers/passwords/MorrisThompsonPasswordSecurity.pdf)
-----------------------------------------------------------------------------
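Review bot: The first SEE ALSO entry has a stray `>` inside the link target, `(https://github.com/drduh/YubiKey-Guide>)`, so the rendered link will not resolve to the guide; drop the `>`. Separately, "Conclusion: we can't rely on passwords for security." sits between the `<!--` and `-->` of the first slide's notes, while a later visible slide says "You should still use passwords"; wording the conclusion as not relying on passwords alone would keep the notes and the slide consistent. Minor wording in the commented notes: "Attacker gain" should be "Attackers gain" and "smart card of sort" should be "of sorts". The new heading "# Why a Yubikey specifically" carries only an image, and the spelling "Yubikey" differs from the "YubiKey" used in the image file names and the linked guide; pick one.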
@@ -233,10 +97,16 @@ Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence.
[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/
+Images from Injurymap,
+<https://www.injurymap.com/free-human-anatomy-illustrations>, and
+Yubico.com.
+
+
+
---
title: "Yubikey hardware security tokens"
subtitle: "Lunch and learn"
-author: "Lars Wirzenius / Wikimedia Foundation"
+author: "Lars Wirzenius"
date: "2020-09-28"
...
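Review bot: The added attribution "Images from Injurymap, ..., and Yubico.com." does not say which image comes from which source or under what licence, while the text just above declares the document CC BY-SA 4.0. Listing each file (Human_Brain.png, YubiKey-4.png, YubiKey-5-Nano.png) with its source and licence would make clear whether the images are covered by the document licence or carry their own terms. The three blank `+` lines before the `---` metadata block can be reduced to one.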
diff --git a/Human_Brain.png b/Human_Brain.png
new file mode 100644
index 0000000..f58dbf1
--- /dev/null
+++ b/Human_Brain.png
Binary files differ
diff --git a/YubiKey-4.png b/YubiKey-4.png
new file mode 100644
index 0000000..627d8e3
--- /dev/null
+++ b/YubiKey-4.png
Binary files differ
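Review bot: YubiKey-4.png is 641683 bytes according to the diffstat, several times the size of the other two images added in this commit. Since binary files stay in the repository history permanently, consider resizing or recompressing it to slide resolution before committing.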
diff --git a/YubiKey-5-Nano.png b/YubiKey-5-Nano.png
new file mode 100644
index 0000000..5c36bde
--- /dev/null
+++ b/YubiKey-5-Nano.png
Binary files differ