Yubico Forum

All times are UTC + 1 hour

Posted: Thu Mar 26, 2009 6:28 pm

Joined: Thu Mar 26, 2009 5:55 pm
Posts: 1
Hi all,

I have a reprogrammed yubikey. All is fine, but...

The documentation at http://wiki.yubico.com/wiki/index.php/Yubikey states:
The timecode starts at 1 once the Yubikey is powered. It is incremented by an 8 Hz internal clock and counts from 1 to 16,777,216 which gives it a runtime of 24.27 days. When it reaches its limit, the session is terminated and no more OTPs can be generated.

Ok! Not mine...

Yubikey in, button pressed, decoded:
byte 10: 105
byte 09: 190
byte 08: 170

Once again, yubikey out, drink some coffee, yubikey in, press the button, decode:
byte 10: 248
byte 09: 196
byte 08: 99

Everything else is OK: SessionCounter, TokenCounter, CRC.

In the second example, the time would be (248 * 65535 + 196 * 256 + 99) \ 8 Hz = 2037869,375 seconds = 23,58 days.
So I have 24,27 - 23,58 = 0,69 days left, before the Yubikey stops generating keys.

If I leave the Yubikey in and press it a few times, the time difference between the presses is correct.

Did I miss something?

Andreas


Posted: Fri Mar 27, 2009 10:26 am
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
This was changed after comments made here on the forum actually!

The timestamp now starts at a random position. There is no need for it to start at 0 (or 1); the server needs to store the values and compute the difference between two OTPs anyway.

I'm not sure the wiki page is correct anyway, I thought the timestamp wrapped around and just continued. There isn't a problem with that as long as the ctr/use counters are incremented properly.

/Simon


Posted: Mon Mar 30, 2009 9:17 pm

Joined: Tue Nov 25, 2008 12:10 am
Posts: 12
Was actually suspecting this to be the case...

So, if the timestamp is no longer a limiting factor per-session, does the use counter then become the limiting factor? I'd assume so, as there has to be something to ensure that the OTPs are indeed ONE TIME, right?


Posted: Mon Apr 06, 2009 12:16 am
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
The timestamp is not needed to verify the OTP although it certainly can add an extra level of security.

Each OTP is guaranteed to be unique by means of the usage counter and the session counter. If the session counter wraps, the usage counter is automatically incremented.

Regards,

JakobE
Hardware- and firmware guy @ Yubico
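
The server-side logic the replies above describe, as an added example that is not part of the original thread and not Yubico's code: the counter pair enforces one-time use, and the 24-bit, 8 Hz timestamp is compared only as a wraparound-safe difference. The `Otp` class, the `check` function, the tolerance policy, and the assumption that the usage counter changes on every power-up are illustrative assumptions.

```python
from dataclasses import dataclass

TS_MOD = 1 << 24   # timestamp is a 24-bit counter (bytes 8..10 of the decoded OTP)
TS_HZ = 8          # 8 Hz internal clock, per the wiki text quoted in the first post

def timestamp(b8: int, b9: int, b10: int) -> int:
    """Combine bytes 8..10 into one value, byte 10 being the most significant."""
    return (b10 << 16) | (b9 << 8) | b8

def elapsed_seconds(prev_ts: int, cur_ts: int) -> float:
    """Seconds between two timestamps of one power session, tolerating wraparound."""
    return ((cur_ts - prev_ts) % TS_MOD) / TS_HZ

@dataclass
class Otp:               # hypothetical container for already-decrypted OTP fields
    use_ctr: int         # usage counter
    session_ctr: int     # session counter
    ts: int              # 24-bit timestamp

def check(last, otp, server_elapsed, tolerance=0.2):
    """Return 'ok', 'replayed' or 'suspicious-delay' for otp.

    last: the last accepted Otp for this key, or None if there is none yet.
    server_elapsed: seconds on the server clock since `last` was accepted.
    tolerance: assumed allowed relative clock drift (a policy choice).
    """
    if last is None:
        return "ok"
    # One-time property: the (usage, session) counter pair must strictly increase.
    if (otp.use_ctr, otp.session_ctr) <= (last.use_ctr, last.session_ctr):
        return "replayed"
    # The timestamp starts at a random value after power-up, so it is compared
    # only when both OTPs share a usage counter (assumed: same power session).
    if otp.use_ctr == last.use_ctr:
        token_elapsed = elapsed_seconds(last.ts, otp.ts)
        if abs(token_elapsed - server_elapsed) > max(1.0, tolerance * server_elapsed):
            return "suspicious-delay"
    return "ok"

if __name__ == "__main__":
    # Byte values from the first post; the two OTPs come from different power-ups,
    # so their timestamps are unrelated starting points, not elapsed runtime.
    print(timestamp(170, 190, 105), timestamp(99, 196, 248))
    # Constructed values: a counter about to wrap still yields a 2 second delta.
    print(elapsed_seconds(0xFFFFF8, 0x000008))
```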

