Yubico Forum


All times are UTC + 1 hour




PostPosted: Fri Jun 25, 2010 1:01 pm 

Joined: Thu Jun 24, 2010 12:39 am
Posts: 3
I'm using my yubikey for openid and keygenius =) love it.

Now I have some questions:

1) How many power-ups do I have? (non-volatile counter)

2) Is it reset when a new AES/OTP config is programmed?

3) Do the session/global counters wrap-around eventually?

4) How many OTPs can I generate per power-up (e.g. 48h coding session =) )?

5) Chicken & Egg problems: is it possible to use yubikey OTP for pam logins into Gnome Desktop? Encrypted home partition? How to solve this if pam is used to unlock gnome-keyring, gnome-keyring stores WiFi passwords, and WiFi is needed to connect to yubico server to authenticate pam? Also what about using pam to access gpg keys and encrypted home? any suggestions. Or shall I use static passwords for this?

Thanks =)



PostPosted: Sat Jul 03, 2010 11:38 pm 
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
tdlk wrote:
I'm using my yubikey for openid and keygenius =) love it.

Always nice to hear :)

Quote:
Now I have some questions:

1) How many power-ups do I have? (non-volatile counter)

Hard to say. Assuming Yubico OTP mode, the Yubikey counts up the first time an OTP is generated after power up. Then the session counter counts up.
The use counter is limited to 15 bits, which today seems a bit stupid, trying to stuff bits as tight as possible. But, assuming even five power-ups per day, 365 days per year it will still take 32768 / 5 / 365 = 18 years for the counter to get stuck. I strongly doubt that it will ever happen to any [normal] user...

In OATH-HOTP mode, the counter is 16-bits, thereby expanding to double that number. OTOH, in HOTP mode, the non-volatile counter counts up every time the Yubikey is used.

Quote:
2) Is it reset when a new AES/OTP config is programmed?

Yes. If the counter eventually would hit the wall, the key can always be re-configured. Then the counter is back at zero again.

Quote:
3) Do the session/global counters wrap-around eventually?
4) How many OTPs can I generate per power-up (e.g. 48h coding session =) )?

In Yubico OTP mode, the counter gets stuck at 32767. In HOTP mode, it wraps from 65535 -> 0.
The session counter is 8 bits wide, giving 256 counts per power up cycle. If this counter wraps, the use counter is incremented, thereby avoiding a clash.

Quote:
5) Chicken & Egg problems: is it possible to use yubikey OTP for pam logins into Gnome Desktop? Encrypted home partition? How to solve this if pam is used to unlock gnome-keyring, gnome-keyring stores WiFi passwords, and WiFi is needed to connect to yubico server to authenticate pam? Also what about using pam to access gpg keys and encrypted home? any suggestions. Or shall I use static passwords for this?

Seems like a static password would be best here. You can always use the second configuration for that.


Best regards,
JakobE
Hardware- and firmware guy @ Yubico
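
An added example (not part of the thread, and not Yubico firmware or server code): a small model of the Yubico OTP counters as described in the reply above, paired with a hypothetical server-side check that accepts an OTP only when its counter pair has moved forward. The names `TokenModel`, `ReplayCheck` and `long_session_demo` are made up for illustration, and saturating the use counter at 32767 is an assumption based on "gets stuck".

```python
# Added sketch, not Yubico firmware or server code.
USE_CTR_MAX = 0x7FFF    # 15-bit non-volatile use counter (Yubico OTP mode)
SESSION_CTR_MAX = 0xFF  # 8-bit session counter: 256 counts per power-up


class TokenModel:
    """Hypothetical model of the counters described in the reply above."""

    def __init__(self, use_ctr=0):
        self.use_ctr = use_ctr       # kept across power cycles
        self.session_ctr = 0         # cleared at every power-up
        self.first_otp = True        # no OTP generated yet this power-up

    def power_up(self):
        self.session_ctr, self.first_otp = 0, True

    def press(self):
        """Return the (use_ctr, session_ctr) pair of the next OTP."""
        if self.first_otp or self.session_ctr == SESSION_CTR_MAX:
            # First OTP after power-up, or session counter wrap:
            # the use counter counts up. Assumption: it saturates at the max.
            self.use_ctr = min(self.use_ctr + 1, USE_CTR_MAX)
            self.session_ctr, self.first_otp = 0, False
        else:
            self.session_ctr += 1
        return (self.use_ctr, self.session_ctr)


class ReplayCheck:
    """Server side: accept an OTP only if its counter pair moved forward."""

    def __init__(self):
        self.last = (-1, -1)

    def accept(self, pair):
        if pair <= self.last:        # tuple order: use counter, then session
            return False
        self.last = pair
        return True


def long_session_demo():
    token, server = TokenModel(), ReplayCheck()
    pairs = [token.press() for _ in range(257)]   # 257 OTPs, one power-up
    fresh = all(server.accept(p) for p in pairs)
    replayed = server.accept(pairs[10])           # an old OTP presented again
    return pairs[0], pairs[255], pairs[256], fresh, replayed


if __name__ == "__main__":
    print(long_session_demo())
```

Under this model, a token whose use counter is already at 32767 repeats a counter pair on its 257th OTP of a session, and the check refuses it.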


PostPosted: Thu Sep 08, 2011 12:09 pm 

Joined: Fri Jan 21, 2011 11:24 pm
Posts: 6
Location: York, UK
Can I resurrect this thread to ask what happens to the timer after 24.47 days? Does it wrap, or get stuck? http://wiki.yubico.com/wiki/index.php/Yubikey says "the session is terminated and no more OTPs can be generated" but one of our customers kept getting OTPs after 25 days, just not ones that our server would validate. I've not got a log of the tokens generated, so can you fill me in on what to expect the timer value to show?

