I am trying to get familiar with the Nitrokey architecture (while waiting for mine to arrive :)), and I noticed that at least libnitrokey does not provide any means to authenticate the Nitrokey device that is used. It will connect to the first device with a matching product and vendor id. If an adversary manages to attach a USB device with the same ids to my computer, they will be able to extract my user password if they are lucky enough that
hdi_open picks their device over the Nitrokey. The only identification I found is the serial number, which probably could also be spoofed by an adversary.
Is my understanding correct? Did you consider adding some kind of device authentication to the Nitrokey? (I am thinking of something similar to ssh’s known hosts or a challenge-response authentication that can be initialized on the first use.)
Your understanding is correct. In such scenario you describe the attacker would most likely be able to launch other attacks too, such as installing password sniffer or installing a camera filming the keyboard for example. This is why we don’t have specific protection measures in place.
Thanks for your reply! I agree with your reasoning for a workstation, but I think attaching a USB device to a notebook in a public place (train, conference, university, …) is much easier than the other options. But of course we will never achieve perfect security in such a setting.
PIN is not cached by the App (only a temporary password), therefore if adversary will swap the devices, Nitrokey App will not send any data there by itself (only will read device’s state). You can confirm is this one is yours by seeing IDs in About window.
Good to know! That makes the timing much more difficult.