According to the standards for HOTP the key should be a minimum of 128bits for best security, however the personalisation tool (windows) enforces a minimum of 160bits.
I'm attempting to use a YubiKey to replace the Google Authenticator app and I notice that they use a key length of 80bits.
Are we able to allow the personalisation program to use a variable key length instead of enforcing a 160bit key? That would allow me to use my YubiKey with Googles Existing Two-Factor Authentication system.
You can take a look at the standard here:
http://www.ietf.org/rfc/rfc4226.txtStatistics: Posted by captaincarrot — Mon Feb 28, 2011 4:59 am
]]>