Yubico Forum
https://forum.yubico.com/

Static Yubikey How to...
https://forum.yubico.com/viewtopic.php?f=4&t=205
Page 1 of 3

Author:  snapo [ Sat Nov 15, 2008 5:15 pm ]
Post subject:  Static Yubikey How to...

Hi there ... i would use my Yubikey that it only do one static key.
how i can perform this?
and how to configure it?
is it possible to remove the enter keystroke at the end?

My targed is to only have a 20 or more digit long static password. i know if i lost the key i cant recognize.
pls tell me a way to do this. i havent found a solution only that yubikeys shipped after july allow it. my yubikey was shipped on 7. October


thanks mike

Author:  Mashed Life [ Tue Nov 25, 2008 1:13 am ]
Post subject:  Re: Static Yubikey How to...

snapo wrote:
Hi there ... i would use my Yubikey that it only do one static key.
how i can perform this?
and how to configure it?
is it possible to remove the enter keystroke at the end?

My targed is to only have a 20 or more digit long static password. i know if i lost the key i cant recognize.
pls tell me a way to do this. i havent found a solution only that yubikeys shipped after july allow it. my yubikey was shipped on 7. October

thanks mike


You can get a Yubikey that generates static passwords from the store:

http://mashedlife.com/make_key.php

Cheers

Author:  dallen [ Sat Jan 03, 2009 2:05 am ]
Post subject:  Re: Static Yubikey How to...

I recently purchased a yubikey for the purpose of generating a static random password. However, it seems that the directions on how to change the yubikey from a one-time-password generator into a static password generator are less than easy to understand. The original question presented in this thread seemed to ask the same questions that I have, but have not been answered.

For those of us that have purchased a regular yubikey, how do we go about converting it into a static password generator. Please be specific for those of us that have already downloaded the yubikey configuration SDK, but are pretty clueless when it comes to programming in C++ or Visual Basic.

To summarize my question, are there simple directions available for converting a regular yubikey into a static password generator?

Author:  doyle [ Sat Jan 03, 2009 3:19 pm ]
Post subject:  Re: Static Yubikey How to...

Just got my yubikey

Really want to use it as a staic password.

Please could someone write a step by step guide. Like the post before I would like just a simple guide on how to set this up.

Regards

Simon

Author:  network-marvels [ Mon Jan 05, 2009 11:30 am ]
Post subject:  Re: Static Yubikey How to...

Thanks for your valuable suggestion. We would definitely provide a step by step guide for Yubico Personalization tool ASAP.

Author:  ferrix [ Thu Jan 08, 2009 2:51 am ]
Post subject:  Re: Static Yubikey How to...

IMO the personalization tool is very hard to understand since it exposes all kinds of very technical details about the key without explaining them or talking about what combinations you can use them in.

There are a lot of details, too, about how the yubikey does static passwords that are very non-intuitive to casual users.

Therefore, here is my solution. A script for everyone (on windows) to examine and use:
http://s3.collectivesoftware.com/statickey.wsf

Here is a copy of the instructions (also available inside the script source)
Code:
StaticKey version 1.0
Copyright(c) 2009 Collective Software, LLC
Free to use for the yubikey community, in the hopes it will be useful.

A simple "static password" yubikey programmer for Windows Script host.
It produces a 64 character password, with 256 bits of true complexity.

You need to have the yubikcom.dll registered.  This can be done by
installing the so called "personalization tool" from
http://www.yubico.com/developers/personalization/

Simple usage:
* Install the "personalization tool" (see above)
* Make sure you understand that you are deleting the old yubikey data!
* Plug in your yubikey
* Launch script
* Enter a 64 character hexadecimal string as can be found at:
   https://www.grc.com/passwords.htm
* After the key is programmed, touch the green ring to see the static
  password. 
   
There are two things you should understand about what your static
passwords will look like:

1)
Yubikeys always talk in the language of "modhex" which is similar to
normal hexadecimal, except instead of:
   0123 4567 89ab cdef
it uses the characters:
   cbde fghi jkln rtuv
So no matter what you enter for the input, the output will always look
like modhex.

2)
The first 32 characters of the static password will be a simple modhex
transcription of the first 32 characters of your input string.  BUT the
last 32 characters will be the result of an AES encryption operation.
They will be the same every time, because all the inputs to the AES
operation are the same (static).  But they are not a literal copy of
your exact input characters. 

For example, for the input string:
   0000000000000000000000000000000000000000000000000000000000000000
the static password generated is:
   ccccccccccccccccccccccccccccccccncejelrjvjvvciclerknrlihnteljrcb
You see the first half is all "c"s, which is modhex for "0".  But the
last half is changed because of the AES.  This is not a "feature" or
a "bug".  The AES operation does not add or subtract any security in
this situation, since it produces the same static result each time. 
It is just an artifact of the way yubico programmed their firmware.
   
Other details:

This programmer is completely deterministic and it does not add any
randomness or complexity to your password beyond the 64 characters you
enter.  Entering the same value many times will produce identical static
password'ed keys (this is considered a feature).  So it is IMPORTANT
to get a VERY RANDOM entry string so you will be as secure as possible. 
Get your string from https://www.grc.com/passwords.htm or some other
source of strong randomness.  Do not just type stuff from your keyboard.

If you want to remove the "enter" key from the end of the password entry
sequence, comment out the line:
   yk.ykFlagProperty(5) = true;
by adding two slashes // in front of it. 

If you want it to be a "tab" instead of an "enter", change the line to
   yk.ykFlagProperty(2) = true;

Author:  Jakob [ Sun Jan 11, 2009 1:47 am ]
Post subject:  Re: Static Yubikey How to...

Thanks, Ferrix for this description.

As mentioned earlier, the "tools" you're refering to is not really a tool. It is just a barebone boilerplate code example on how to use the Yubikey configuration component.

For some reason which is kind of hard to recall, we've never made a proper configuration tool available.

But - we are just about to release two, both as binaries and with source.

a) Windows GUI tool, simple to use with a self-explanatory step-by-step Wizard-like guide. Based on the COM component. Will be included in that package.
b) LibUSB text-mode plain-vanilla C version to be portable between Linux, MacOsX and Windows.

Please have patience - it is not very far away

Regards,

Jakob E
Hardware- and firimware guy @ Yubico

Author:  Simon [ Fri Jan 16, 2009 4:51 pm ]
Post subject:  Re: Static Yubikey How to...

Source for the libusb variant is now available, please see:

http://yubico.com/developers/personalization/

This will make it easier for GNU/Linux users to personalize yubikeys at least.

/Simon

Author:  Kreisquadratur [ Mon Jan 19, 2009 7:40 pm ]
Post subject:  Re: Static Yubikey How to...

@Simon: Sorry for bringing this up, but I can't get the personalizing tool to run/compile. I tried to compile it on a Mac with OS X as - I guess you said seems to work for some people. I get an error during
Code:
make
, that libusb is not available; sure it isn't ;-) I then downloaded it, although I did not know from which source, so I picked
Code:
libusb.sourceforge.net
. But then I didn't know how to proceed.

So maybe a general question for all guys who could make it run/compile it on a Mac. I would appreciate every idea and solution.

Author:  Datsys [ Wed Feb 04, 2009 3:46 pm ]
Post subject:  Re: Static Yubikey How to...

Hi,
I am really new to this whole Yubikey thing and there are somethings I need to understand and get done. The first way I want to use the key is in static mode to generate the same password every time. First question is can I put in my own password like if I wanted to use one of GRCs super long passwords, instead of having the key create it automatically? Second question is can I have more than one key using the same passwrod? We have 4 other guys in Tech and we will all need to have those keys when on the road

Thanks for the help.

Page 1 of 3 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/