Yubico Forum
https://forum.yubico.com/

php PEAR lib and 1-1 mapping?
https://forum.yubico.com/viewtopic.php?f=3&t=531

Author:  helfire [ Sat May 08, 2010 4:19 pm ]
Post subject:  php PEAR lib and 1-1 mapping?

Hi,

New to YubiKey and I'm trying to make a PHP plugin for StatusNet (just for fun).

I'm a little confused though at how the ->verify($otp) works in the PEAR module. In the examples and the MediaWiki plugin it doesn't seem to map that I have MY YubiKey and not someone else's. What if someone stole my password and had their own YubiKey, wouldn't that verify still pass?

So how do I make that link 1 to 1 between the YubiKey I hold and the user on the site?

I also use LastPass and they had me enter in 1 OTP to "link" it I suppose, though I'm not technically sure how that worked either, just trying to get my head around how this works.

Thanks!

Author:  helfire [ Sat May 08, 2010 4:47 pm ]
Post subject:  Re: php PEAR lib and 1-1 mapping?

Just watched some LastPass screencasts and I think it may have cleared it up for me.

The first 12 chars are a static identifier for that key, correct? So I can keep a config table such as
user_id,yubikey_id to do a verification before submitting the web call.

There's no real documentation around this or I missed it (very possible).

Let me know if I'm on the wrong track here.

Thanks,

Author:  Kami [ Sat May 08, 2010 7:17 pm ]
Post subject:  Re: php PEAR lib and 1-1 mapping?

helfire wrote:
Just watched some LastPass screencasts and I think it may have cleared it up for me.

The first 12 chars are a static identifier for that key, correct? So I can keep a config table such as
user_id,yubikey_id to do a verification before submitting the web call.

There's no real documentation around this or I missed it (very possible).

Let me know if I'm on the wrong track here.

Thanks,


Yes, the first 12 characters are a static device identifier.

Actually there is quite a lot of documentation available, but it's scattered around many places and PDF documents.

Maybe you will find some information located in my project's docs helpful.

Author:  helfire [ Sat May 08, 2010 7:33 pm ]
Post subject:  Re: php PEAR lib and 1-1 mapping?

Thanks for the info, the more I poke around the better I'm understanding.

The very simple example just led me to have these questions.

One other question though, is it best practice to hash the first 12 char identifier? Reading a bit on LastPass it seems that's all they use for offline auth.

Author:  Kami [ Sat May 08, 2010 9:07 pm ]
Post subject:  Re: php PEAR lib and 1-1 mapping?

No problem.

For the offline authentication you need AES as well (only device id does not help you).

And for the AES key you need to re-program your YubiKey.
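
The user_id,yubikey_id check discussed in this thread, as an added example that is not part of any post and is not code from the PEAR module. It assumes the 12-character identifier stated above; `$registeredIds`, `yubikeyPublicId()`, `authenticateWithYubikey()` and the `$verifyOtp` callable are hypothetical names, and the OTP strings are constructed sample values.

```php
<?php
// Added example: bind a YubiKey to an account by its static identifier
// before the OTP is sent for validation.

const MODHEX = 'cbdefghijklnrtuv'; // alphabet a YubiKey OTP is typed in

/** Return the 12-character identifier of a well-formed OTP, or null. */
function yubikeyPublicId(string $otp): ?string
{
    $otp = strtolower(trim($otp));
    // 12 modhex characters of identifier followed by 32 of one-time data.
    if (!preg_match('/^[' . MODHEX . ']{44}$/', $otp)) {
        return null;
    }
    return substr($otp, 0, 12);
}

/**
 * $registeredIds stands in for the user_id,yubikey_id table.
 * $verifyOtp is a hypothetical wrapper around the validation call
 * (for example the PEAR module's ->verify($otp)); it must return true
 * only when validation succeeded.
 */
function authenticateWithYubikey(string $userId, string $otp, array $registeredIds, callable $verifyOtp): bool
{
    $publicId = yubikeyPublicId($otp);
    if ($publicId === null || !isset($registeredIds[$userId])) {
        return false;
    }
    // A valid OTP from a key registered to nobody, or to another user, stops here.
    if (!hash_equals($registeredIds[$userId], $publicId)) {
        return false;
    }
    // The identifier is static, so the OTP itself must still validate.
    return $verifyOtp($otp) === true;
}

// Constructed sample data and a stub verifier so the script runs offline.
$registeredIds = ['alice' => 'cccccccbdefg'];
$stubVerify = fn(string $otp): bool => true;

$ownKey   = 'cccccccbdefg' . str_repeat('hijk', 8);
$otherKey = 'ccccccclnrtu' . str_repeat('hijk', 8);

var_dump(authenticateWithYubikey('alice', $ownKey, $registeredIds, $stubVerify));
var_dump(authenticateWithYubikey('alice', $otherKey, $registeredIds, $stubVerify));
var_dump(authenticateWithYubikey('alice', 'not-an-otp', $registeredIds, $stubVerify));
```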

All times are UTC + 1 hour