Yubico Forum

Re: OTP on NEO vs OTP on Yubico Standard Key

2014-12-12T21:00:14+01:00

I believe you can also set the moving factor seed (if you happen to know approximately what the counter it in your other yubikey) in the yubikey personalization tool if you don't want to manually press the OTP button a crazy number of times.

Statistics: Posted by darco — Fri Dec 12, 2014 9:00 pm

Re: OTP on NEO vs OTP on Yubico Standard Key

2014-12-12T10:39:49+01:00

Use one Yubikey, and submit OTP until the counter is synced again

stop using the other key

Statistics: Posted by Tom2 — Fri Dec 12, 2014 10:39 am

Re: OTP on NEO vs OTP on Yubico Standard Key

2014-12-12T04:57:42+01:00

Ahhh thank you for the reference. Thinking this is specifically what you are referring to:

The non-volatile counter is compared with the previously received
value. If lower than or equal to the stored value, the received OTP is
rejected as a replay.

That is likely exactly what is happening.

So what should be done to my account in this case ? Does the account get "reset" somehow to reset the server's expectation of my counter value ?

Statistics: Posted by riverrat — Fri Dec 12, 2014 4:57 am

Re: OTP on NEO vs OTP on Yubico Standard Key

2014-12-10T10:08:57+01:00

Counters will fail if you use two keys at the same time, please read how the Yubico OTP protocol works here:
https://www.yubico.com/wp-content/uploa ... l-v3.3.pdf

You can find an implementation of Yubico OTP generation in this repository:
https://github.com/Yubico/yubico-c

Statistics: Posted by Tom2 — Wed Dec 10, 2014 10:08 am

OTP on NEO vs OTP on Yubico Standard Key

2014-12-09T20:25:00+01:00

I have a Yubico Standard Key that my company has setup for VPN access using OTP.

I recently got a Yubico NEO to use with Google. I'm starting with looking to replace my existing Standard Yubico with the NEO. I've received the Yubico OTP parameters my original standard key was programmed with and I've duplicated that onto the Neo ... but it fails to work with the VPN.

So we have a Yubico OTP Test web site at our company. The original Standard Yubico USB key I have says it verified fine. The NEO which is supposedly programmed with the same configuration details fails.

If the two keys are (supposedly) using identical configuration parameters for OTP, should the NEO both verify on the OTP test side as well as work in our VPN ?

If there anything else related to the NEO that would cause it to fail even though its programmed like my Standard Key ?

Statistics: Posted by riverrat — Tue Dec 09, 2014 8:25 pm