Hello! As we read in the documentation, Yubikeys have IDs which are six bytes in length.
To me, this means that Yubikey IDs are in the range of 0x000000 to 0xFFFFFF. OK.
But Yubikey IDs which are in the range of 0x280000 to 0x28FFFF are special IDs. Customer IDs?
Well, here's my problem. I am working on a system that assigns account numbers based on the Yubikey ID. However, some account numbers will be granted to non-Yubikey users. Say, users who instead of typing in an OTP type in "anything else". And so, I need a range of account numbers which are guaranteed to never be used by Yubikey for OpenID.
Essentially, can I assume any 6-byte account which begins with 0x28 (i.e. 0x280000 to 0x28FFFF) is a non-Yubikey? Or should I use accounts which are, say, 0x01000000 to 0x01FFFFFF (seven bytes in length)? The docs say no. But what about smaller account numbers, such as 5 bytes or 4 bytes? What does "Private context" mean? Does that mean I can use them for my system's non-Yubikey users? This is all a little confusing.
If someone could just help me to understand which range of account numbers is guaranteed never to be used by Yubikeys, I would be very happy!
Thanks!
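One way to keep the two kinds of account apart without relying on any reserved ID range, as an added example that is not part of the original post: Yubikey accounts take the 6-byte public ID as a number, and non-Yubikey accounts start at the first 7-byte value, which no 6-byte ID can reach. It assumes the standard 44-character Yubico OTP (12 modhex characters of public ID followed by 32 of encrypted data); the function names, `LOCAL_BASE` and the sample OTP are constructed for illustration.

```python
MODHEX = "cbdefghijklnrtuv"        # modhex digit at index i encodes hex value i
ID_BYTES = 6                       # public ID length assumed for this example
OTP_TAIL = 32                      # modhex chars of the encrypted 16-byte block
LOCAL_BASE = 1 << (8 * ID_BYTES)   # 0x01000000000000: above every 6-byte value

# Constructed sample: public ID "cccccccbdefg" plus a dummy 32-char tail.
SAMPLE_OTP = "cccccccbdefg" + "cbdefghijklnrtuv" * 2


def modhex_decode(text: str) -> bytes:
    """Decode a modhex string to bytes, rejecting any other character."""
    text = text.lower()
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise ValueError("not a modhex string")
    nibbles = [MODHEX.index(ch) for ch in text]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def yubikey_account(otp: str) -> int:
    """Account number for a Yubikey user: the public ID as a big-endian int.

    Call this only after the OTP itself has been verified by the validation
    service; the ID prefix alone proves nothing about who typed it.
    """
    otp = otp.strip()
    if len(otp) != 2 * ID_BYTES + OTP_TAIL:
        raise ValueError("unexpected OTP length")
    modhex_decode(otp[2 * ID_BYTES:])  # the tail must be modhex as well
    return int.from_bytes(modhex_decode(otp[:2 * ID_BYTES]), "big")


def local_account(seq: int) -> int:
    """Account number for a non-Yubikey user: sequence number above 2**48."""
    if not 0 <= seq < LOCAL_BASE:
        raise ValueError("sequence number out of range")
    return LOCAL_BASE + seq


def is_yubikey_account(number: int) -> bool:
    """True when the number fits in six bytes, i.e. came from a public ID."""
    return 0 <= number < LOCAL_BASE
```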