
Krypton: phone-based U2F Authenticator - cyanflux
https://krypt.co/
======
jrockway
What is the business model here? They release what they purport to be their
source code on Github, but under a license that prohibits ... everything
(literally the words "All Rights Reserved"). So clearly they want to sell
that, and then have the open source community debug it for them for free,
which I just don't see happening. With no way to validate that the source code
on Github is what ends up in their compiled binaries, I don't see the value to
anyone.

~~~
gruez
> With no way to validate that the source code on Github is what ends up in
> their compiled binaries, I don't see the value to anyone.

you can say the same about all the other open source projects that don't have
reproducible builds.

~~~
conradev
and, in addition, anything you run from the App Store:

[https://github.com/signalapp/Signal-iOS/issues/641](https://github.com/signalapp/Signal-iOS/issues/641)

------
CaliforniaKarl
Ah yes, I remember seeing this before!

This is interesting, because at work pretty much all of our logins (including
for third-party services) go through SAML, where our IdPs use Duo for two-
step. That gives us similar functionality to this, without needing to use a
browser plugin. You do need to use an app, though, to avoid insecure SMS or
voice.

(Duo does support U2F, but it's not as obvious, because end users have to
initiate the setup, and Duo instances that existed before U2F became available
have it turned off—instance-wide—by default.)

One thing you could do, assuming work uses Duo and U2F support is on: You
could have a single Krypton install for both personal and work (particularly
if you have one mobile device). Then, enroll Krypton as your U2F device in
Duo.

I'm kind of surprised that either Duo or LastPass haven't bought out krypt.co
yet…

~~~
judge2020
> I'm kind of surprised that either Duo or LastPass haven't bought out krypt.co
> yet…

Would be the perfect move for LastPass - around the beginning of this year
LastPass started a beta program for LastPass Connect [0]; however, it was
suddenly put on hold [1][2], and I think krypt's technology would be the
perfect candidate to pull together the app.

I also trust LogMeIn much more than I trust Krypt to not push out malicious
binaries, so there's a plus for that.

0: [https://www.lp-labs.com/](https://www.lp-labs.com/)

1: [https://judge.sh/VBRJP4n.png](https://judge.sh/VBRJP4n.png)

2: [https://www.androidauthority.com/lastpass-connect-861342/](https://www.androidauthority.com/lastpass-connect-861342/)

------
noja
From the FAQ:

What if I lose my phone?

Many websites require a backup two-factor authentication method such as SMS
or TOTP (authenticator 6-digit-code apps) even if you are using a U2F
security key such as Krypton. For certain sites that allow U2F only (such as
Google Advanced Protection), we recommend having a backup phone with a separate
Krypton U2F key set up, or a physical hardware key that you store securely
somewhere.

We are actively building a robust account recovery service with partners to
solve this problem and make U2F/WebAuthn a viable "single-factor" login
system. We hope this will remove the need for these backup methods that make
your account vulnerable to phishing attacks. We also see this as a major
barrier to wide adoption of U2F/WebAuthn/2FA, so we are eager to solve this
problem.

------
oedmarap
Just one gripe: I absolutely do not think it's a good idea to have zero-touch
ON by default.

I understand their argument about security vs. usability for laypeople as it's
an age old one, but I think that applies better to situations where there's a
marked tradeoff in principle.

Tapping just once or reaching for one's phone doesn't detract from usability.
Quite the contrary, it's a common sense approach (and teaches common sense
security posture) to give one's explicit agreement for authentication, U2F or
otherwise.

Otherwise, the intended user base that zero-touch seems to target may end up
being the same folks that question why it didn't work out of the box to
protect their logins when their laptop gets physically compromised, since they
assumed they didn't have to _"understand or care about the differences
between two-factor, U2F, or web authentication"_ in the first place, to quote
the FAQ.

------
amingilani
This is going to change everything for me. You, sirs, have cracked the hard
problem: how do we make U2F easy enough for users to use without taking away
the "something you have" aspect of it?

This is brilliant. I love it!

Now please fix the licensing, make the core open-source, be a bit more
transparent, and get audited. It would really inspire a lot more confidence in
a tool whose target audience is currently the security paranoid crowd.

~~~
jiveturkey
> You sirs, have cracked the hard problem

That's completely unfair. U2F was from the start designed to be rendered in
this kind of form factor. "All" Krypton (and Duo, BTW) did was implement this
obvious form factor.

U2F itself, was the hard problem.

And anyway, push 2FA has been around for approx. as long as U2F. It may not be
obvious now, but U2F will ultimately die in favor of push. IMHO. (they each
have strengths and weaknesses but overall push is better.)

~~~
mtgx
Push = some company owns your 2FA credential, right? Or were you talking about
something else?

~~~
mplewis
I think push means when you sign in, the server pushes a notification to your
phone(s), which can accept or reject the request.

~~~
ztjio
It feels exactly the same to use krypton. You pop up the website that wants
auth and your phone dings and you tap a button and there you go. Compared to
say, Blizzard's authenticator for battle.net, it does the same thing. You try
to log in, it pushes a message to your phone you get a ding tap a button and
you go.

As far as UX goes it's identical to the user.

~~~
amingilani
But therein lies the difference. With Krypton, the company doesn't own your
keys, you do. It's like fiat vs Bitcoin, only there's literally no difference
in experience.

That's why Krypton is better. It works everywhere U2F (an open spec) is
supported, while the proprietary company solution is supported only where the
company has partnered.

------
jonafato
Can anyone comment on their "zero touch is safe" claim
([https://krypt.co/faq/](https://krypt.co/faq/))? As far as I understand,
tokens like YubiKeys require a touch as an explicit action by the user to
prevent authentication without their knowledge. Doesn't a zero touch approach
remove a security feature?

~~~
henryfjordan
It depends on your threat model.

You pair your phone and browser and then they can talk. Any time you want to
log in through that browser it can talk to your phone and auth you
automatically. For someone to exploit this, they'd need access to the computer
with your browser.

So if your laptop gets stolen, yes, this is a bad idea, but I think most people
think that they can just revoke the browser's keys if the laptop gets
stolen, and they are way more likely to have their phone stolen anyway.

~~~
jonafato
I was more thinking of malware / some otherwise rogue process. This seems like
something that's worth having in the world of fake support remote desktop
scams.

~~~
ReverseCold
That's so easy to bypass.

1. Wait for user to sign in.
2. Intercept their sign in.
3. User: "Oh, it didn't work. I'll just try again."
4. User tries again and it works. Attacker is also logged in now.

Alternatively, at that point you could just inject JS into whatever website
needed 2FA and do everything without the user noticing anything.

------
orclev
I've been using it for about a year now. Works very well. Only gotcha is that
it doesn't really have support for Windows (it's on the issue tracker, but
progress has been slow). If you do your work on OS X or Linux you're fine, but
if you're a Windows user you're in for a bumpy ride.

~~~
mikekij
Side thought: what an interesting change from the software world 10 years ago.
Who would have thought Windows support would be a lower priority than OS X and
Linux. Onward and upward!

~~~
orclev
In this particular case it's all about Windows not having a decent SSH client.
There's PuTTY... and uh... PuTTY. Oh, and you can sort of maybe run OpenSSH
through LSFW or Cygwin, or maybe msys, but those all have some serious gotchas
associated with them. Basically it boils down to: there's no standard Windows
SSH client, and the ones that are available all have a laundry list of gotchas
and problems, and that's without even bringing the various git clients into
consideration. OS X and Linux are low-hanging fruit; they both come out of the
box with a standard, well-supported SSH client.

~~~
sbradford26
So Windows 10 has added OpenSSH. I am not sure if it has left beta, but it
definitely is a step in the right direction.

[https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/](https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/)

------
maherbeg
How does the browser communicate with the phone? Does it require an
intermediary server that krypt.co runs?

~~~
dijit
Yeah, it's using Amazon SQS.

It's listed in their docs.

~~~
jiveturkey
oy. I'd assumed there was a browser-side USB->BLE plugin.

This is horrible. Now the security of it is tied to the security of the stuff
they have running in Amazon. Which they probably don't publish source code
for? Even if they do, you have no way to know that is what is actually
running.

Not to mention reliability and availability concerns.

ah well, I had such high hopes.

~~~
jiveturkey
After investigation, I have to retract my complaint. The browser-side agent is
paired with your phone, Apple style. It's not a Google-style arrangement where
you pair with Google and Google pairs with you, ie Google is in the middle.

So as long as the source code for both parts (browser-side and phone-side) is
there, and you can audit that the code viewable is the code installed, this is
pretty solid.

Of course the reliability and availability issue is still there.

------
lvh
We haven't audited this personally but I'm looking forward to doing so. This
looks _awesome_ -- my only problem is that it doesn't solve U2F/WebAuthn on
the phone itself, which is still a lot more complicated on iOS than it is on
Android (even though overall, I think iOS is a better platform than Android,
at least from a security perspective).

~~~
agrinman
On Android it works for any site that uses the standard U2F polyfill and
allows the chrome/android user-agent. You can try it on your android phone at
[https://u2f.bin.coffee](https://u2f.bin.coffee).

On iOS it works for Google logins, see the blog post here:
[https://krypt.co/blog/posts/use-google-advanced-protection-with-krypton.html](https://krypt.co/blog/posts/use-google-advanced-protection-with-krypton.html).

------
ademup
Has this been audited? It sure seems like a wonderful/convenient alternative
to hardware keys, but something makes me nervous about the phone aspect. I'd
love to read more comments here from those more knowledgeable than I.

~~~
ecesena
It doesn't seem this can really be FIDO, because FIDO only defines usb, nfc,
and ble security keys.

I'm not saying Krypton is bad, just that you're installing an extension that
(I imagine) interacts with a server to send a push to your phone. It's a very
different security model than keys, that require no extension and don't
interact with any 3rd party.

Update: I'm seeing that my comment is read as negative, and I don't want to
give this impression. I think Krypton is great; I use 2FA over push
notifications all the time myself. I was just trying to reply to the "has it
been audited?" question.

Edit: changed chrome extension -> extension according to comment below.

~~~
orclev
You're wrong about the interaction model. When you install the client on your
phone and pair it with a computer (via QR code) it generates a ssh key. You
then need to import the public key into your github (or gitlab etc.) account
same as you normally would. Once that's done on the client side there's a SSH
plugin that is registered that intercepts the authentication request and pings
the krypton server to sign your commit with the private key on your phone (the
server relays the signing request to your phone via push notification).
Assuming you approve everything on your phone the result is unwound back to
your ssh client which finishes the handshake with the server and authorizes
you based on the public key you had previously uploaded.

------
nikolay
What happens when you upgrade or, God forbid, lose your phone? Do I need to
redo everything from scratch like I have to do with my Krypton PGP and SSH
keys? That's a no go for me. I'm pretty happy with 1Password already!

~~~
jiveturkey
> Do I need to redo everything from scratch

I would hope so. Anything less is not secure. (This is one of the basic
"problems" with hardware authentication.)

However, the software model allows for pre-arranged cloud sync between
multiple devices. Given how Krypton handles PGP/SSH this support isn't there,
but there's no technical obstacle.

~~~
nikolay
I think you don't get security. When you make something so hard for people to
do, they just won't do it. It's like every website having a different password
strength policy: people start reusing the same passwords or use 1Password. I
upgrade my phone every year. I won't go through a billion websites on which I
enabled 2FA to swap the device. Also, when you upgrade phones at stores, you
don't have both devices together for an unlimited time. If you want better
security, then 3FA > 2FA, i.e. two things you have, and one thing you know.

~~~
henryfjordan
I think you don't get security.

Security is literally spending resources to protect something. Time is a
resource. Space in your brain is a resource.

If I want to secure a city, I spend labor and materials to build a wall. If I
want to secure my documents, I spend money on a safe. If I want to secure my
emails, I spend brain space and time dealing with passwords.

You can argue that the resource <--> security tradeoff is too expensive and
that being insecure is a better choice, but just because something is harder
doesn't mean it's less secure. People make that choice every day. When someone
reuses a password, they are choosing to not use brain space and instead be
less secure.

~~~
nikolay
I think you don't get security... along with other things. There are good ways
to spend resources and bad ways. And there is a lot more opportunity to waste
resources than utilize them efficiently. Krypton is a very bad idea to start
with. It's the poor man's YubiKey. My Android has both Krypton and my Google
account. My phone has my identity. If I lose my phone, I lose tons more than
if I just lose my YubiKey, which nobody will associate with me and give them
means to get into my accounts. I cannot even remotely erase Krypton. In
general, it is times worse than a YubiKey, but also times less convenient, and
practical. Why would anybody use it?

------
amckinlay
Should not be too hard to develop a free version of this. Do not look at their
source code on GitHub, though.

------
phren0logy
I have been experimenting with this since I saw it here on HN a while ago. So
far, I'm impressed.

------
jmuguy
I've been using Krypton for SSH for a while (basically the private key is on
the phone and you approve logins using the app, they must have just added U2F
recently). Its worked really well and is super simple to setup when logging
into a new server.

~~~
dijit
It's also really nice for signing git commits. I like it a lot.

(although I can't access the <teams> section of the app on an iPhone 5SE)

------
hasa
I don't see much sense using U2F. If you just need a 2nd factor, then TOTP
based solutions do it cheaper and easier. FIDO 2.0 is the way to go if FIDO is
required.

~~~
moviuro
TOTP requires:

1. sharing a secret (which is bad, and possibly already compromised by the
time it reaches your device (phone))

2. permanent attention to the domain. Remember similarities between the
Cyrillic a and Latin a? (phishing, etc.)
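What those two points look like in code, as an added example that is not from the post above or from any product discussed in this thread: a standard-library RFC 6238 TOTP (checked against the RFC's own SHA-1 test vectors) and the two scenarios moviuro names. The secret (the RFC's test seed), the timestamps and the server's acceptance window are constructed for the example.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6, step=30):
    """RFC 6238: HOTP with the counter set to the current 30-second step."""
    return hotp(secret, unix_time // step, digits)


def verify(secret, code, unix_time, step=30, skew=1):
    """Typical server-side check: the current step plus `skew` steps either side for clock drift."""
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code) for d in range(-skew, skew + 1))


# Constructed inputs: the RFC 6238 test seed and an arbitrary timestamp.
SECRET = b"12345678901234567890"   # the same bytes live on the phone AND in the server's database
NOW = 1_700_000_000


def normal_login():
    return verify(SECRET, totp(SECRET, NOW), NOW)


def attacker_with_copied_secret():
    """Point 1 above: whoever read the provisioning QR code, or the server's database, can
    mint valid codes at any later time without the phone."""
    later = NOW + 90 * 24 * 3600
    return verify(SECRET, totp(SECRET, later), later)


def phishing_relay():
    """Point 2 above: the user types the code into a look-alike domain and the attacker forwards
    it to the real site seconds later. The code carries no origin, so the real site accepts it."""
    code_typed_into_fake_site = totp(SECRET, NOW)
    return verify(SECRET, code_typed_into_fake_site, NOW + 20)
```

Contrast with U2F: the signature there covers a hash of the origin (the appId) and a fresh per-login challenge, so a code harvested on the wrong domain is not valid on the right one, and no server-side copy of the private key exists to steal.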

------
jiveturkey
but does it work for browsing on the phone itself? if so, slam dunk.

even without that, it is what U2F was always destined to become.

it's especially better than u2fzero. ;)

~~~
ecesena
> it's especially better than u2fzero. ;)

genuinely curious: why? (disclaimer: I'm working on Solo, the successor of
u2fzero)

~~~
jiveturkey
look at my numerous comments in the 2 HN threads on solo/u2fzero.

~~~
ecesena
Yes, I'm aware of the general comments, I was trying to get to the
core/specifics. For example, you mentioned multiple times that hardware
breaks, can be stolen, the interfaces aren't standard. But all these things
are actually true also for your phone: it breaks, it can be stolen (probably
much easier than your keys), and chrome extension+push notification I wouldn't
really call it more standard than USB.

Again, I'm not trying to downplay Krypton, I like the phone solution a lot, I
think it's much more usable than security keys. I use push notifications all
the time e.g. via DUO. But I still think we need physical security keys
against online attacks, for example as a mechanism to secure your phone
itself.

------
aespinoza
So what is the difference between Krypton and Duo? Why are they so innovative?

By reading the website it seems they are doing the same thing as Duo.

~~~
jiveturkey
they are hugely different. Duo is a full SSO and 2FA solution. Krypton
supplies a few pieces at the edge.

~~~
aespinoza
Interesting. I will check it out further. Thank you.

------
dabeeeenster
Can someone explain how this works!? I have looked all over the Krypt website
but I still don't get it?!

~~~
dabeeeenster
OK finally found it in the FAQ for those that are slow like me:

Is "zero touch" secure? How is it a second factor if it approves
automatically? Yes, zero touch is safe. The security behind Krypton is
established when you pair Krypton with your browser (via the extension) by
scanning the QR code. This ensures that only your specific browser will be
able to talk to Krypton. Krypton and your browser establish a secure
cryptographic channel using keys that only your phone and computer have. There
is NO trusted third-party.

Two-factor is simply a way to defend against compromised passwords. If someone
knows your password and attempts to login then they'll be hit with a second-
factor challenge. Since this attacker is remote and doesn't have access to
your browser they won't be able to talk to Krypton.

~~~
lostmsu
If they steal the password from your browser by, say, installing a keylogger, that
same keylogger can now also steal the computer-side Krypton key. So zero touch
does not help against that class of attacks, while normal U2F would.
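A toy model of the threat model argued over in this thread (the FAQ's "zero touch is safe" answer quoted above, henryfjordan's pairing description, ReverseCold's intercept-and-retry attack, and lostmsu's point about the browser-side key), as an added example that is not Krypton's code. It assumes a browser/phone pairing key handed over at the QR scan, an untrusted relay in the middle, and a per-site key on the phone; HMAC-SHA256 stands in for the real ECDSA signature and for the real paired channel so it runs on the standard library alone, and the message layout is an assumption, not Krypton's wire format.

```python
import hashlib
import hmac
import secrets

SITE = "https://example.com"


def _sig_input(app_id, challenge):
    # U2F signs over sha256(appId) || challenge (counter and user-presence byte omitted here)
    return hashlib.sha256(app_id.encode()).digest() + challenge


class Phone:
    """The authenticator: holds the per-site key material and the browser pairing keys."""

    def __init__(self, require_touch, user_approves=lambda app_id: True):
        self.require_touch = require_touch
        self.user_approves = user_approves      # simulated tap on the approval prompt
        self.device_secret = secrets.token_bytes(32)
        self.pairing_keys = {}                  # browser_id -> key handed over at the QR scan
        self.seen_nonces = set()

    def app_key(self, app_id):
        return hmac.new(self.device_secret, app_id.encode(), hashlib.sha256).digest()

    def pair(self, browser_id):
        # QR code carries a fresh key phone -> browser, out of band; the relay never sees it
        key = secrets.token_bytes(32)
        self.pairing_keys[browser_id] = key
        return key

    def handle(self, msg):
        """One request arriving over the untrusted relay: a signature, or None if refused."""
        key = self.pairing_keys.get(msg["browser_id"])
        if key is None:
            return None
        to_sign = _sig_input(msg["app_id"], msg["challenge"])
        expected_mac = hmac.new(key, msg["nonce"] + to_sign, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_mac, msg["mac"]):
            return None                         # not from a paired browser
        if msg["nonce"] in self.seen_nonces:
            return None                         # replayed through the relay
        self.seen_nonces.add(msg["nonce"])
        if self.require_touch and not self.user_approves(msg["app_id"]):
            return None                         # user declined the prompt
        return hmac.new(self.app_key(msg["app_id"]), to_sign, hashlib.sha256).digest()


def via_relay(phone, browser_id, pairing_key, app_id, challenge):
    """Whoever holds a pairing key can drive the phone through the relay (SQS in the real system)."""
    nonce = secrets.token_bytes(16)
    mac = hmac.new(pairing_key, nonce + _sig_input(app_id, challenge), hashlib.sha256).digest()
    return phone.handle({"browser_id": browser_id, "nonce": nonce, "app_id": app_id,
                         "challenge": challenge, "mac": mac})


class RelyingParty:
    def __init__(self, app_id, phone):
        self.app_id = app_id
        self.verify_key = phone.app_key(app_id)  # stored at enrolment (a public key in real U2F)

    def verify(self, challenge, signature):
        if signature is None:
            return False
        good = hmac.new(self.verify_key, _sig_input(self.app_id, challenge), hashlib.sha256).digest()
        return hmac.compare_digest(good, signature)


def honest_login(require_touch):
    phone = Phone(require_touch)
    rp, key, c = RelyingParty(SITE, phone), phone.pair("laptop"), secrets.token_bytes(32)
    return rp.verify(c, via_relay(phone, "laptop", key, SITE, c))


def remote_attacker_with_password():
    """Knows the password, never saw the QR code: has to guess the pairing key."""
    phone = Phone(require_touch=False)
    rp, _, c = RelyingParty(SITE, phone), phone.pair("laptop"), secrets.token_bytes(32)
    return rp.verify(c, via_relay(phone, "laptop", secrets.token_bytes(32), SITE, c))


def malware_with_copied_browser_key(require_touch):
    """Malware exfiltrated the browser-side key and asks on its own; the user is not logging in
    and would decline an unexpected prompt."""
    phone = Phone(require_touch, user_approves=lambda app_id: False)
    rp, stolen, c = RelyingParty(SITE, phone), phone.pair("laptop"), secrets.token_bytes(32)
    return rp.verify(c, via_relay(phone, "laptop", stolen, SITE, c))


def malware_swaps_challenge_during_real_login():
    """Touch required, but code inside the browser swaps in its own session's challenge for
    the same site while the user really is logging in; the prompt looks normal and gets tapped."""
    phone = Phone(require_touch=True, user_approves=lambda app_id: app_id == SITE)
    rp, key = RelyingParty(SITE, phone), phone.pair("laptop")
    user_c, attacker_c = secrets.token_bytes(32), secrets.token_bytes(32)
    sig = via_relay(phone, "laptop", key, SITE, attacker_c)
    # the user's own attempt "didn't work"; the attacker's session is authenticated
    return rp.verify(attacker_c, sig) and not rp.verify(user_c, sig)
```

The four scenarios line up with the comments: the FAQ's remote attacker (password only, no pairing key) is refused by the MAC check regardless of mode; lostmsu's keylogger that also copies the browser-side key gets signatures under zero touch and is stopped only when a touch is required and the user declines the unexpected prompt; and ReverseCold's attacker, who already runs code in the browser, needs no stolen key at all and gets through even with touch required, because the phone sees only the site and a challenge and cannot tell whose session the challenge belongs to. Touch narrows the window from "any time the browser key is readable" to "only while the user is genuinely logging in", which is the whole of what it buys against a compromised endpoint.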

