I do hope that I did not miss it if this has already been answered. Searching for “FIDO U2F button” did not yield results with relevant information.
I am new here and have been watching Nitrokey development on and off for some time now. A while back I received the newsletter about the FIDO U2F. Having read the facts sheet I am a bit confused. It says:
Nitrokey FIDO U2F stores your cryptographic key in a cryptoprocessor so that it remains secure even if the device is stolen, and in the event of attack using laboratory devices.
On the other hand:
Configuration and use is very easy with just the push of a button.
Doesn’t that button defeat any hardware or other protection of the key? My thinking here is that the attacker/thief could just press that button and have my one factor of the two factor authentication “compromised” that way. They don’t need to extract anything from it. They would simply use it as if they were me, effectively downgrading the authentication to plain old password protection.
I must be missing something, so any information that helps me understand would be greatly appreciated.
Technically the key remains secure in the crypto processor and can’t be extracted. However, you are right that it can be used, in case the device is lost or stolen. This is why FIDO U2F is designed to be a 2nd factor but not a primary factor.
Thanks for your reply. Can you please explain what the benefit of this is then? I mean, one selling point is the protection of the key, so it can’t be extracted in case the FIDO U2F gets stolen. But why would an attacker want/need to extract it, if they can just as easily press the button and have the same effect? Or is it not the same effect? How does the hardware protection of the key improve the situation? What is the threat model so to speak?
Nitrokey FIDO U2F primarily protects against software attacks, such as stealing passwords. In case your computer is compromised, the button protects against malware utilizing the connected Nitrokey to login without your consent. In the same situation the crypto processor protects your key reliably from being extracted from the device by the malware (e.g. by exploiting hypothetical flaws in the firmware).
When your device is stolen, the difference is that your key can’t be extracted and multiplied. This might be a selling point but is not the primary aspect. Historically the text you cited has been used to describe our other models where this threat model is addressed by protected the usage of the key with a PIN.
Now I get it. Thank you very much for taking the time to explain.