Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 7:58 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Mon Jul 30, 2012 12:10 pm 
Offline

Joined: Mon Jul 30, 2012 11:14 am
Posts: 3
I'd like to use my YubiKey to emit a 64 character password with the highest level of entropy / security.

Whilst programming a static password using the configuration utility and personalization tool, I found out that it is unfortunately not possible to use a string over 32 characters.

With the help of this forum, I stumbled upon a script called StaticKey which seems to be able to program a password with 256 bits of true complexity.

I have 2 questions regarding this approach:

1. Can someone please provide instructions on how to invoke this script? It fails to open with error code "Automation server can't create object"
Image

2. Is this script considered to be the best way to accomplish my goal, programming YubiKey to emit 64 character password with the highest level of entropy / security?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Aug 02, 2012 2:46 pm 
Offline

Joined: Mon Jul 30, 2012 11:14 am
Posts: 3
Bump.


Top
 Profile  
Reply with quote  
PostPosted: Fri Aug 03, 2012 11:15 am 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
Hello,

Please find the steps below on how to write a 64 character static password using the "Cross Platform Personalization Tool":

Goto the "Cross Platform Personalization Tool" >> select Static Password Mode >> click on "Advanced" >> select the configuration slot >> Goto "Password Parameters" section >> enter Password Length as 64 in the box or use up or down arrow to select appropriate length.

Click on "Generate" button for generation of Public Identity, Private Identity and Secret Key.

And finally click on the "Write Configuration" button to write the setting to the YubiKey slot.

Hope this helps!

Thanks and best regards,
Samir.


Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 09, 2012 2:59 pm 
Offline

Joined: Mon Jul 30, 2012 11:14 am
Posts: 3
This doesn't help me any further.

Unfortunately, it is not possible to set your own 64 character password. I read several concerned reports of Yubico's implementation of the static passkey.
Because I want to have the key as safe as possible, I would like to compare the generated key from StaticKey with the one from the "Cross Platform Personalization Tool".


Top
 Profile  
Reply with quote  
PostPosted: Mon Aug 13, 2012 10:53 am 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
Hello,

YubiKey supports two modes for static password viz. a) scan code mode and b) advanced mode (both described below FYI).

As per your description in previous mail, we recommend you to use 'Scan Code mode' for configuring YubiKey in staticpassword mode.

a) Scan Code mode:

In static password - scan code mode of the YubiKey, you can program your own static password that can consist of up to 38 alphabets, digits and special characters. Please note, functioning of this mode is dependent on the keyboard layout and currently only QWERTY US English layout is supported.

To program YubiKey in Static Password - Scan code mode:
a) start the Cross-platform personalization tool and select "Static Password" option from the menu
b) click "Scan Code" button
c) select the configuration slot you want to program
d) type the password you would like the YubiKey to emit in the "Password" box
e) insert a YubiKey and click "Write Configuration"

b) Advanced mode:

In the advanced mode you can emit a static password of up to 64 characters. In this mode, you cannot directly set the static password string. Instead, the static password is generated as a result of an encryption function involving the Secret key and YubiKey Public and Private ID parameters provided at the time of programming the YubiKey. The output in the advanced mode is in “modhex” format (a variant of hex format) that supports most standard keyboard layouts. You also have options to emitpassword as a combination of Upper and Lower case letters, alphanumeric and/or include '!' character as the first character of the output. Please note, these options (for Upper/Lower case and alphanumeric) apply to only first few characters of the output in this mode.

Hope this helps!

Thanks and best regards,
Samir.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group