Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 12:27 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: New to yubikeys
PostPosted: Tue Jul 05, 2016 3:58 am 
Offline

Joined: Sun Jul 03, 2016 5:12 am
Posts: 2
So I just got my yubikeys in the mail the other day and I'm just confused on a few parts of it.

First off, when I generate keys with the token, I'm assuming that OTP means they cannot be used again on another service (hence the one time part). However, say a friend or relative borrows my keys for a moment to get into my car and they decide to generate a list of 25 OTPs on their phone while they're away going to my car. Will these all work for them and allow them into my car, or will using one key prevent any keys generated before it from being used? In other words, if I generate 10 keys and save them to a text file, then use my yubikey to login to a site, will the first 10 keys that I saved still be valid or is there a time encoded in it that is updated somewhere (ex. Yubico's API) which won't allow keys generated beforehand?

Secondly, there are two slots on the device, how will it know which configuration to use?

Thirdly, I know you can reprogram your key to do other things, such as enter a static password or act as a TOTP generator. I also know the first slot comes preconfigured and overwriting it will destroy the YubiCloud configuration. I'm guessing this can be reset to work again (after sending the new AES key to the YubiCloud) to act just like it does from the factory?

I want to try customizing one of my devices to see all what it can do and what would be the best approach, however there's no simple "Click to factory restore" option and I can't see what the specific settings are for the device. What is the exact configuration of the devices from factory?

What are the differences between the Yubikey nano and YubiHSM? They look similar but the YubiHSM is 110 times the price, so it's obviously something worth more. I won't be purchasing one anytime soon, I'm just curious is all.

Also, I do have one of each device so you're aware (4, 4 nano, and neo. not the fido)


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: New to yubikeys
PostPosted: Tue Jul 05, 2016 4:14 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
(1) Once a Yubico OTP is validated, all previously generated OTPs are invalidated. You can test this out by sending a bunch of OTPs to Notepad or something similar, then go to demo.yubico.com and test a new OTP, then paste previously generated one and see that it fails on the test site.

(2) Slot 1 - tap the button. Slot 2 - tap and hold the button for ~ 3 seconds (hold it until something is sent) - if we're talking the YubiKey NEO on Android over NFC, only one of the slots can be used since the device doesn't receive enough power to use button press.

(3) There is no factory reset option. The Yubico OTP credential can be wiped from slot 1 and a new one can be generated and uploaded (https://www.yubico.com/products/service ... ey-upload/), but the original credential cannot be recovered.

The Yubico-generated and customer-generated Yubico OTP credentials are virtually identical - the only difference being that Salesforce requires the Yubico-generated credential. Any other services that I'm aware of will also accept customer-generated Yubico OTP credentials.


Top
 Profile  
Reply with quote  
 Post subject: Re: New to yubikeys
PostPosted: Tue Jul 05, 2016 8:32 pm 
Offline

Joined: Sun Jul 03, 2016 5:12 am
Posts: 2
Thanks for the information!

As for the OATH-HOTP, does this have the same setup as far as using a key blocks old keys, or is that just the cloud version?

What is the difference between the Yubico OTP and Challenge-Response Yubico OTP?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group