From d25070d655a7ae0c05cbf99a2a05809c5cceec29 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Fri, 25 Sep 2020 14:17:51 +0300 Subject: first draft --- 2020-09-28-yubikey.md | 234 +++++++++++--------------------------------------- Human_Brain.png | Bin 0 -> 136025 bytes YubiKey-4.png | Bin 0 -> 641683 bytes YubiKey-5-Nano.png | Bin 0 -> 150457 bytes 4 files changed, 52 insertions(+), 182 deletions(-) create mode 100644 Human_Brain.png create mode 100644 YubiKey-4.png create mode 100644 YubiKey-5-Nano.png diff --git a/2020-09-28-yubikey.md b/2020-09-28-yubikey.md index 97975de..3b1b275 100644 --- a/2020-09-28-yubikey.md +++ b/2020-09-28-yubikey.md 
@@ -1,226 +1,90 @@ -# Why? +# Human brains are wholly inadequate for secrets -* I realised the following some weeks ago: - I now maintain deployment tooling for one of the most important - websites in the world. When I make a mistake, and Wikipedia goes down, - the whole world will notice. +![](Human_Brain.png) -* How can I avoid making at least some mistakes? + - - have a very clear goal for each iteration - - - get feedback at the end of the iteration, to feed into forming - goals for future iterations - - - a week is usually enough for one iteration - - - many weeks is too long: too much changes in the world in that time - - - it's better to spend a week going in the wrong direction than a - month ----------------------------------------------------------------------------- -# (Controversial?) opinion on software development (5/9) - -* Experiment, make mistakes, learn - - - "what happens if I press this button?" - - - if nothing bad can happen, just press the button, and then you'll - know - - - make sure it's safe to press any button - ------------------------------------------------------------------------------ +# What are hardware security tokens? -# (Controversial?) opinion on software development (6/9) +![Nano](YubiKey-5-Nano.png) -* If something is painful, do it more often + ----------------------------------------------------------------------------- -# (Controversial?) opinion on software development (8/9) +You should still use passwords. Two-factor authentication is stronger +than one-factor authentication. -* Acceptance criteria are the most important part of a software project - - - knowing what to do is harder than knowing how to do it - - - automated tests are more important that production code +Use strong passwords: randomly generated and long. Use password +managers. Use a different password for every site, application, device. ----------------------------------------------------------------------------- -# (Controversial?) 
opinion on software development (9/9) - -* It's not finished, until it's run repeatedly +# Why a Yubikey specifically - - can your web server handle one billion sequential trivial - read-only requests, however slowly? - - - can you conduct the train every week for a year? +![Big](YubiKey-4.png) ----------------------------------------------------------------------------- -# On development speed +# Use cases -* Edit, build, run, test, debug +* web: U2F, WebAuthn - - the inner loop of software development - - if the loop is slow, development is slow: changes take a long time to make +* local: disks, login -* Anything that slows down the inner loop is bad +* OpenPGP (sign, encrypt) - - if the whole world notices when you make a mistake, you are - careful making changes - - the careful developer is a slow developer - -* Software development always involves making mistakes - - - developing things quickly requires making mistakes fast - - each mistake teaches you something - - but mistakes should be cheap, safe, harmless +* SSH: via gpg-agent ----------------------------------------------------------------------------- -# train-dev +# Demo -* A safe place to make mistakes related to development tooling +* Use U2F for 2FA on gitlab.com. 
-* Simulates the production environment sufficiently that if things - work in train-dev, they hopefully work in production +* Store GnuPG subkeys onto Yubikey - * Does not try to be an exact replica of production +* Configure GnuPG to use Yubikey - * Will not always be "right", but "sometimes good enough" is vastly - better than "try it in production and take down Wikipedia if - you're wrong" - -* We'll make it be closer to production over time - - * Iterate, fix discrepancies as we find them + - scdaemon ----------------------------------------------------------------------------- -# Overview - -* Nested virtual machines - -* Outer VM provides an environment in which inner VMs operate in - isolation - -* Inner VMs provide the various servers and services needed to conduct - the train - - - git server ("Gerrit") - - a deploy server ("deploy1001.eqiad.wmnet") - -* The goal is to be able to run all the steps of the train inside the - train-dev environment - ------------------------------------------------------------------------------ - -# Current status - -* The first step works - - * `scap prep 1.35.0-wmf.34` - * Real scap, not one modified for train-dev - -* Does not access the Internet outside train-dev - -* An incomplete, bad, ugly, and wrong first step - -* Let's start iterating? - ------------------------------------------------------------------------------ - -# Do please try this at home! - -* train-dev repository on Gerrit - -* `vdc/README.md` has instructions - -* - -* There are pre-built images that you can try, no need to build your - own. But you need to give Lars your SSH public key first so the next - build of the image will give you access the VMs. 
+# SEE ALSO +* [`https://github.com/drduh/YubiKey-Guide`](https://github.com/drduh/YubiKey-Guide>) +* [`https://en.wikipedia.org/wiki/Password_strength`](https://en.wikipedia.org/wiki/Password_strength) +* [`http://web.cs.wpi.edu/~guttman/cs557_website/ papers/passwords/MorrisThompsonPasswordSecurity.pdf`](http://web.cs.wpi.edu/~guttman/cs557_website/papers/passwords/MorrisThompsonPasswordSecurity.pdf) ----------------------------------------------------------------------------- @@ -233,10 +97,16 @@ Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence. [CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/ +Images from Injurymap, +, and +Yubico.com. + + + --- title: "Yubikey hardware security tokens" subtitle: "Lunch and learn" -author: "Lars Wirzenius / Wikimedia Foundation" +author: "Lars Wirzenius" date: "2020-09-28" ... diff --git a/Human_Brain.png b/Human_Brain.png new file mode 100644 index 0000000..f58dbf1 Binary files /dev/null and b/Human_Brain.png differ diff --git a/YubiKey-4.png b/YubiKey-4.png new file mode 100644 index 0000000..627d8e3 Binary files /dev/null and b/YubiKey-4.png differ diff --git a/YubiKey-5-Nano.png b/YubiKey-5-Nano.png new file mode 100644 index 0000000..5c36bde Binary files /dev/null and b/YubiKey-5-Nano.png differ -- cgit v1.2.1
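Review bot: in the first hunk (`@@ -1,226 +1,90 @@`), the first SEE ALSO entry carries a stray `>` inside the link target, `(https://github.com/drduh/YubiKey-Guide>)`, which renders as a broken URL; drop it so the target matches the link text. The third entry has the opposite problem: its link text `http://web.cs.wpi.edu/~guttman/cs557_website/ papers/passwords/...` contains a space that the real target does not, so the visible text and the actual link disagree. In the Demo section, the step "Store GnuPG subkeys onto Yubikey" should be preceded by a bullet about backing up the secret keys first: gpg's `keytocard` replaces the on-disk secret key with a stub that points at the card, so without a backup a lost, reset or broken Yubikey means the subkeys are gone for good. Finally, `![](Human_Brain.png)` has an empty alt text while the two YubiKey images have `Nano` and `Big`; give it an alt for consistency and accessibility.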
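Review bot: in the second hunk (`@@ -233,10 +97,16 @@`), the new attribution reads `Images from Injurymap,` / `,` / `and Yubico.com.`, so the middle of the three images is credited to nobody; fill in the missing source or remove the dangling comma. Since the deck itself is published under CC BY-SA 4.0 (the `[CC BY-SA 4.0][]` line just above), each third-party image should also carry a link to where it was obtained and the licence it is reused under; "Injurymap" and "Yubico.com" alone do not tell a reader of the slides under what terms the brain and YubiKey pictures may be redistributed.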