OTP slots, secret keys encryption and physical attack

Hello all,

On Nitrokey APP → “OTP Slot Configuration”, I read: “Note: 2nd factors are not protected against physical attacks. If Nitrokey has been lost, change all OTP secrets.”
What does it mean? Are Secret Keys stored in plain text inside Nitrokey and then they are not protected against physical attacks?
It is really really bad if secret keys are not encrypted on Nitrokey!

Regards
Maurizio

That note is talking about the T-/HOTP secrets (the values you usually scan from the websites supporting 2FA, they serve as a basis for generating one-time codes) that are stored like that. The keys are stored differently and are protected.

as I read here https://netknights.it/en/the-problem-with-the-google-authenticator/

The OTP algorithms HOTP and TOTP are based on a symmetric secret key which is also called seed. Using the algorithm, the seed and a moving factor the OTP value is calculated. This means that the seed needs to be protected. … The QRCode contains the seed in clear text. The value O6LVCAVTS2IJ25NKXKOOGCNTJIOFNUXA is the secret key in the so called “base32” notation. This might look complicated to an untrained, human being eye. But the computer takes this as clear text for real. As this is a timebased OTP token (TOTP), each device that scans this code will create the same OTP value. The value will change, but it will be the same value. On each device.

So in TOTP algorithm we have a fixed-single SEED and multiple-changing OTP values.
I rephrase the question: does Nitrokey store the SEED value encrypted in order to be protected against physical attack?

By default, no. These are 2nd factors (physical possession) which are used in addition to a 1st factor (usually the knowledge of a password). Consequently, other devices show the OTP value directly on a physical screen without protection. Encrypting OTP seeds would add a 3rd factor (the PIN to decrypt such). With Nitrokey, you can enable PIN-protection, if you like. Update: PIN-protection does not mean the OTP seeds are encrypted.

*KeepassXC protects the seed encrypted by password!
*Veracrypt Flash Drive protects the seed encrypted by password/keyfiles in a text file or any other desired format inside its volume.
*I need to ask to yubikey if yubikey 5 protects the seed encrypted by password: anyway yubikey authenticator app asks for a password in order to list the OTP “slots” and to generate an OTP values.

“PIN-protection does not mean the OTP seeds are encrypted” on Nitrokey?
In my opinion OTP seed must be encrypted anytime! In my opinion the encryption of a 2nd factor is not considered a 3rd factor like the encryption of a password is not considered a 2nd factor. In order to access a service, we have one or multiple factor: password as 1st factor, otp like second factor OR sms like second factor OR any other AND other factors until the maximum desired or requested xTH factors is reached.

18 OTP slots should be protected by PIN not only for unauthorized usage on Nitrokey APP (to prevent to see the list of used OTP slots and to generate OTP values by unauthorized thief) but the seeds should be ENCRYPTED by PIN on Nitrokey in order to prevent a thief to physically copy the not-encrypted seed from nitrokey to another device and generate OTP values.

If you want 3 factor authentication you can enable PIN protection. Counting:

  • 1st factor: Usually knowledge of a password
  • 2nd factor: Possession of the Nitrokey (to generate the OTP)
  • 3rd factor: Knowledge of PIN to access the OTP