Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:36 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Thu Jun 29, 2017 4:57 am 
Offline

Joined: Thu Jun 29, 2017 4:52 am
Posts: 5
Referencing this article: https://developers.yubico.com/OTP/OTPs_Explained.html

I can see that OTPs generated contain two parts: the constant ID and the dynamic passcode.

Code:
cccjgjgkhcbb   irdrfdnlnghhfgrtnnlgedjlftrbdeut

cccjgjgkhcbb   gefdkbbditfjrlniggevfhenublfnrev

cccjgjgkhcbb   cvchfkfhiiuunbtnvgihdfiktncvlhck


Based on the ID or passcode, is it possible to detect what type of key this is? I would like to be able to detect if a key is a NEO or not.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Jun 29, 2017 5:02 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
No, you can't identify a YubiKey model by OTP. If it's the pre-programmed Yubico OTP credential then you can tell the serial number of the YubiKey, but nothing more.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 29, 2017 5:14 am 
Offline

Joined: Thu Jun 29, 2017 4:52 am
Posts: 5
Thanks Chris. Let me explain why I wanted to do this and see if maybe there is a better way.

For our application a user can register a YubiKey with their account. After this is done, whenever they log in we present the YubiKey option as a second factor. If YubiKey is not configured or the device does not support YubiKey, then we fall back to other configured second factors (such as TOTP apps).

This works fine on a desktop platform, however, we also have mobile apps (iOS and Android). We have added support for our Android app to use YubiKey if configured and the user has NFC enabled on their device, however, this obviously will only work with a NFC enabled YubiKey (NEO). If the user did not register a NEO, we do not want to present the YubiKey as a second factor since obviously they can't use it on the device. We could ask the user at the time of registration what type of key this is, but it would be great if we could just detect it for them somehow so we can skip the YubiKey option automatically when logging in on mobile devices.

Any ideas?


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 29, 2017 8:30 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
This could only be done if U2F was being used. U2F utilizes transport hints, so this would be possible in that scenario. If you're simply using Yubico OTP, there's no way to do this. LastPass, for example, allows the user to set whether there is am OTP requirement on Android or not. Seems to me this would be the only reasonable option.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 29, 2017 2:57 pm 
Offline

Joined: Thu Jun 29, 2017 4:52 am
Posts: 5
Thanks. In the end we just added a checkbox for the user to specify if they are using a NFC enabled key or not.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Google [Bot], Heise IT-Markt [Crawler] and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group