I don’t really use FIDO2, but as I’m stuck with the GPG card integrated in the nitrokey 3, I’m looking at how to unlock a luks volume with fido 2, based on HMAC Secret.
I don’t have the feeling that for the fido 2 part, there’s a counter like what we can find in the GPG part:
PIN retry counter : 3 0 3
Does nitrokey 3 include a definitive lock after X attempts in FIDO2 after a pin error? Does this mean you have to wipe the key to continue?
Is it possible in the nitrokey firmware to have a DURESS password for the FIDO2 PIN?
If we use the FIDO2 method to decrypt the luks volume, does the Hmac Secret key come out of the nitrokey 3 or is it a calculation that is redone on the laptop?
But if my unencrypted /boot partition is compromised, could an attacker intercept the FIDO2 code to decrypt my volum luks whenever he wants?
Sorry, but I can’t find anything in the Nitrokey documentation. Do we have the same thing on Nitrokey?
I can’t find it
Documation from Yubikey
If the FIDO2 PIN is entered incorrectly 3 times in a row, the key will need to be reinserted before it will accept additional PIN attempts (reinserting “reboots” the device). If the PIN is entered incorrectly a total of 8 times in a row, the FIDO2 function will become blocked, requiring that it be reset. The number of remaining retries can be viewed at any time in YubiKey Manager by navigating to Applications > FIDO2.
Command line tool to interact with Nitrokey devices 0.4.47
Please provide pin:
Critical error:
Your device has been blocked after too many failed unlock attempts, to fix this it will have to be reset. (If no pin is set, plugging it in again might fix this warning)
I’ve just done the test, and indeed we have the same thing on the nitrokey. It’s a pity this isn’t mentioned in any of the documentation on your site.
Incorrect PIN entries will also lock the FIDO2 app on the Nitrokey 3. After every 3 wrong attempts, the app needs to be rebooted (either by command or by unplugging and replugging the device). It permanently locks after 10 wrong attempts, requiring a reset and generating a new secret on the token.
The HMAC is performed using an extension of the FIDO2 protocol, where a salt is sent to the token to calculate the HMAC response. This salt is stored in the LUKS header. The private key never leaves the token, but the calculated HMAC response, which serves as the LUKS unlock passphrase, is exposed and could be intercepted.