Yubico Forum https://forum.yubico.com/ |
Newbie https://forum.yubico.com/viewtopic.php?f=16&t=504 |
Page 1 of 1 |
Author: | WayneM [ Mon Mar 15, 2010 4:42 pm ] |
Post subject: | Newbie |
New and confused.... Okay, so I understand how to use my YubiKey with my online password management security program, but what I'd like to know is: can I use it to provide security for files/folders stored on my hard drives? I use Androsa Fileprotector if that is of any help. Thanks much for the help and your patience. |
Author: | samir [ Wed Mar 17, 2010 10:09 am ] |
Post subject: | Re: Newbie |
YubiKey can be operated in two basic modes:
1) One Time Password (OTP) mode
2) Static Password mode
These modes are explained in detail below:

In the One Time Password (OTP) mode, every time the user presses the button, the YubiKey generates a 44 character password which contains the static “YubiKey ID” and an event based “One Time Password”.

For Example: Observe the following OTPs generated from a YubiKey configured in “One Time Password” mode:
fuhkifhkhufbfdccgukghlbuinldkcndkrrluvedbthrhi
fuhkifhkhufbfdvblbbleffckfhthjdgrgjrbtjbnnlhdl
fuhkifhkhufbfdhgghncdchnkhrribnukccgurhtlgkfuf
fuhkifhkhufbfdfcicntcjjdjgchdgifgjebgrenugrfuk
fuhkifhkhufbfdcrtefbtnnebvtuvhdthbrltvckergedl

Here the first 12 characters representing the YubiKey ID of all the OTPs are the same. The next 32 characters representing the One Time Password are all different and generated based on the event based OTP generation scheme of Yubico, thus resulting in a unique 44 character password every time.

To validate the OTP generated by the YubiKey (in the “One Time Password” mode), the OTP needs to be sent to the Yubico online Validation Server (or a locally hosted copy of the validation server). The Yubico Validation Server validates the OTP and, if it is valid, returns “OK” status or else returns a negative status response. Please note that an OTP can be successfully validated only once.

2) Static Password mode:
Use of an OTP makes it very difficult for attackers to gain unauthorized access to protected resources/services. However, the application needs to communicate with a server to validate the OTPs. This may not be possible in all cases, particularly when network access is not available to communicate with the server, e.g. in pre-boot authentication mode. In such a case, a YubiKey can generate a strong static password which can be validated by an application locally without the need to connect to a server. In the “Static Password” mode, every time a user presses the button, the YubiKey generates a password of up to 64 characters which contains a static “YubiKey ID” and a static password.

For Example: Observe the following passwords generated from a YubiKey configured in 44 characters “Static Password” mode:
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu

Here the first 12 characters represent the YubiKey ID and the next 32 characters represent the static password (which is generated as a result of an encryption function involving the AES key and YubiKey parameters. A unique key will generate a unique PW.), which is always the same when the button is pressed, thus resulting in the same 44 character strong password every time.

As the static password generated by the YubiKey (in the “Static Password” mode) is always the same, there is no need to validate it against the Yubico Validation Server. The password can be used as a conventional but strong password (in a system validating regular passwords). The YubiKey can be reprogrammed for emitting a static password of up to 64 characters, including alphanumeric characters. It can also be configured for emitting your own password of up to 16 characters.

The new YubiKey 2.0 has two configuration slots. These configuration slots work independently and can be reprogrammed for the following four combinations:
1) OTP + OTP
2) OTP + Static
3) Static + OTP
4) Static + Static

When the YubiKey 2.0 is shipped, its first configuration slot is factory reprogrammed for OTP mode (which works with the online Yubico OTP validation server) and the second configuration slot is left blank. You can reprogram the YubiKey configuration slot 2 for static password mode.

From the Androsa Fileprotector's website, it seems that it does not support YubiKey OTP mode. However, you can configure your YubiKey to static password mode and use this static password as the password required for encryption/decryption in the Androsa Fileprotector.

We hope this helps! |
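The token layout described in the post above (12-character YubiKey ID followed by a 32-character part) can be checked locally before anything is sent to a validation server. The following is an added example, not part of the forum post and not Yubico code: the modhex alphabet is background from Yubico's OTP encoding that the post does not mention, and `PreValidator`, its status strings and the sample tokens are hypothetical and constructed for illustration.

```python
MODHEX = "cbdefghijklnrtuv"   # Yubico's modhex alphabet; position = hex digit value
ID_LEN = 12                   # YubiKey ID length, as described in the post
OTP_PART_LEN = 32             # trailing one-time (or static) part, as described


def modhex_to_bytes(text):
    """Decode a modhex string to raw bytes; raise ValueError on bad input."""
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise ValueError("not valid modhex")
    nibbles = [MODHEX.index(ch) for ch in text]
    return bytes(hi << 4 | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def split_token(token):
    """Return (yubikey_id, otp_part) for a well-formed 44-character token."""
    token = token.strip().lower()
    if len(token) != ID_LEN + OTP_PART_LEN:
        raise ValueError("expected 44 characters")
    modhex_to_bytes(token)    # used here only as an alphabet check
    return token[:ID_LEN], token[ID_LEN:]


class PreValidator:
    """Local checks an application can run before asking the validation server."""

    def __init__(self, enrolled_id):
        self.enrolled_id = enrolled_id
        self.seen = set()     # 32-character parts already submitted

    def check(self, token):
        try:
            key_id, otp_part = split_token(token)
        except ValueError:
            return "MALFORMED"
        if key_id != self.enrolled_id:
            return "WRONG_KEY"
        if otp_part in self.seen:
            # Identical output twice: a replayed OTP, or a slot in static mode.
            return "REPLAYED"
        self.seen.add(otp_part)
        return "SEND_TO_SERVER"   # only the validation server can answer "OK"


# Constructed sample values, not output from a real YubiKey.
SAMPLE_ID = "cccccccbdefg"
SAMPLE_OTP_1 = SAMPLE_ID + "hijklnrtuvcbdefghijklnrtuvcbdefg"
SAMPLE_OTP_2 = SAMPLE_ID + "vutrnlkjihgfedbcvutrnlkjihgfedbc"
```

A `SEND_TO_SERVER` result means only that the token is well formed, carries the enrolled ID and has not been seen by this process; the decision on the OTP itself still belongs to the validation server.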
Author: | Bryan53 [ Thu Mar 18, 2010 12:17 pm ] |
Post subject: | Re: Newbie |
samir wrote:
Here the first 12 characters represent the YubiKey ID and the next 32 characters represent the static password (which is generated as a result of an encryption function involving the AES key and YubiKey parameters. A unique key will generate a unique PW.), which is always the same when the button is pressed, thus resulting in the same 44 character strong password every time.

For the static password I have set in the second slot of my YubiKey, the first 12 characters are not the YubiKey ID used in the OTP. I suppose I could force it to use those characters, but since (as you noted) there is no server authentication for the static password, there's no need for it to include the YubiKey's ID. |
All times are UTC + 1 hour |