Yubico Forum
https://forum.yubico.com/

Siltent feature - keyboard trig - Poll
https://forum.yubico.com/viewtopic.php?f=4&t=291
Page 1 of 1

Author:  Jakob [ Wed Mar 11, 2009 2:31 pm ]
Post subject:  Siltent feature - keyboard trig - Poll

Another "silent" feature of the Yubikey is the ability to "double-click" CapsLock, ScrollLock and NumLock keys to trigger the release of an OTP. It was introduced in an early stage where we thought that we could have a Yubikey without a button - known as "Yubikey Basic".

The function relies on monitoring the status LED output reports. If two reports are recieved within 0.8 seconds where the LED status flips, the OTP is triggered.

A caveat is of course that this in theory allows a Trojan to trigger the release of an OTP. If this is a real risk it is up to everyone to judge.


The default setting for this feature is OFF, so I believe most people haven't tried it.

What do you think - shall we keep this function as is or shall we drop it.

Regards,

JakobE
Hardware- and firmware guy @ Yubico

Author:  iipee [ Wed Mar 11, 2009 6:53 pm ]
Post subject:  Re: Siltent feature - keyboard trig - Poll

JakobE wrote:
A caveat is of course that this in theory allows a Trojan to trigger the release of an OTP. If this is a real risk it is up to everyone to judge.


I think this should be off by default -- I don't want trojan to be able to use my Yubikey.
Still it's nice feature: It could be used as a dongle for providing license for application. In that case vendor of the product would reprogram Yubikey to have that option enabled and send key to customer. Application can then be downloaded from internet and when running it would automatically test that "license dongle" is attached.

Author:  PatrickN [ Wed Mar 11, 2009 7:26 pm ]
Post subject:  Re: Siltent feature - keyboard trig - Poll

I second that, its not something I would use so would hope for it to be off by default. But I am sure someone would be willing to trade a little security for convenience.

Author:  wayne [ Wed Mar 11, 2009 11:50 pm ]
Post subject:  Re: Siltent feature - keyboard trig - Poll

I too would vote for keeping this option but leaving it OFF by default. I would very likely--on occasion--trade convenience for the increase in risk.

Author:  Dick [ Fri Mar 13, 2009 1:30 am ]
Post subject:  Re: Siltent feature - keyboard trig - Poll

I, too, would favor leaving the feature and having it off by default with the assumption that this would require the programming password to turn it on. Which, BTW, would suggest that the ability to turn it on and off should be added to the personalization tool.

Dick

Author:  JH2007 [ Wed Mar 25, 2009 4:50 am ]
Post subject:  Re: Siltent feature - keyboard trig - Poll

Dick wrote:
I, too, would favor leaving the feature and having it off by default with the assumption that this would require the programming password to turn it on. Which, BTW, would suggest that the ability to turn it on and off should be added to the personalization tool.


I agree.
Keep it, have it turned off, and put a on/off-toggle for it in the personalization software.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/