Yubico Forum


All times are UTC + 1 hour




PostPosted: Fri Nov 04, 2016 8:07 pm 

Joined: Fri Nov 04, 2016 11:23 am
Posts: 2
In yubikey-personalization-gui (3.1.24, Linux), there's a confusing note in Help: "Public Identity: Yubico OTP validation server requires Public Identity to be of 12 characters (6 bytes) in order to correctly extract the Secret Key. If you change the Public Identity to any other length, the Yubico OTP validation server won't be able to extract the Secret Key and the OTP validation will fail."

The validation server extracts the secret key not from the OTP token but from the data sent during registration, which is structured, so no problem should occur here.

If "encrypted part of token" was in fact what was meant by "secret key", why is it a problem here, provided that the encrypted part is one block of AES-128 ciphertext, i.e. fixed length (so the UID would be the whole substring before the fixed-length encrypted data)? (In this case, the typo should be fixed in the app.)

I guess I might be wrong in some assumption because of different legacy protocols, or so.



PostPosted: Sun Nov 06, 2016 6:57 pm 
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
If you're using a Yubico validation server (or the YubiCloud, which is what the default configuration authenticates against), the first 12 characters are the public identity (essentially a username, if you will), while the remainder of the OTP is the actual one-time password. If you were to program a 40-character OTP, for example, the YubiCloud still assumes the first 12 characters are the public identity (when in fact, in this model, only the first 8 are).

If you're standing up your own server, I believe you can configure it so that shorter OTPs are used, and therefore shorter public identities as well, but that's outside of our model. https://developers.yubico.com/OTP/OTPs_Explained.html

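The split the reply above describes, as an added example written for this page (not code from the thread or from Yubico): a small Python module that decodes modhex and applies both rules for locating the public identity, YubiCloud's fixed 12-character prefix and the poster's "everything before the last 32 characters". The OTP strings in it are constructed and are not real credentials; a real validation server would go on to decrypt the token with the AES key stored for that public identity and check the CRC and counters, which this example leaves out.

```python
"""Locating the public identity in a Yubico OTP string.

Added example, not code from this thread or from Yubico. It contrasts the
YubiCloud rule from the reply (first 12 modhex characters are the public
identity) with the poster's suggestion (everything before the final 32
characters, the one AES-128 block, is the public identity), and shows the
40-character case where the two disagree. All OTP strings are constructed
for illustration; none is a real credential and none decrypts to anything.
"""
from __future__ import annotations

# Modhex: sixteen letters that land on the same scancodes in most keyboard
# layouts, standing for the nibble values 0..15 in this order.
MODHEX_ALPHABET = "cbdefghijklnrtuv"
_MODHEX_VALUE = {ch: i for i, ch in enumerate(MODHEX_ALPHABET)}

# The encrypted part of a Yubico OTP is one AES-128 block: 16 bytes, which
# is always exactly 32 modhex characters.
TOKEN_CHARS = 32
# What YubiCloud assumes for the public identity: 6 bytes = 12 characters.
CLOUD_PUBLIC_ID_CHARS = 12


def modhex_decode(text: str) -> bytes:
    """Decode modhex (two characters per byte); reject anything else."""
    text = text.lower()
    if len(text) % 2:
        raise ValueError("modhex string must have an even number of characters")
    try:
        nibbles = [_MODHEX_VALUE[ch] for ch in text]
    except KeyError as exc:
        raise ValueError(f"not a modhex character: {exc.args[0]!r}") from None
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def modhex_encode(data: bytes) -> str:
    """Inverse of modhex_decode."""
    return "".join(MODHEX_ALPHABET[b >> 4] + MODHEX_ALPHABET[b & 0x0F] for b in data)


def split_fixed_prefix(otp: str, public_id_chars: int = CLOUD_PUBLIC_ID_CHARS) -> tuple[str, str]:
    """YubiCloud rule: the first 12 characters are the public identity."""
    return otp[:public_id_chars], otp[public_id_chars:]


def split_fixed_suffix(otp: str) -> tuple[str, str]:
    """Poster's rule: the last 32 characters are the AES block, the rest is identity."""
    if len(otp) < TOKEN_CHARS:
        raise ValueError("OTP is shorter than one AES-128 block")
    return otp[:-TOKEN_CHARS], otp[-TOKEN_CHARS:]


def token_is_decryptable(token: str) -> bool:
    """AES-128 can only be applied to exactly one 16-byte block of valid modhex."""
    try:
        return len(modhex_decode(token)) == 16
    except ValueError:
        return False


def compare_splits(otp: str) -> dict:
    """Apply both rules to one OTP and report whether each yields a usable token."""
    cloud_id, cloud_token = split_fixed_prefix(otp)
    suffix_id, suffix_token = split_fixed_suffix(otp)
    return {
        "cloud_public_id": cloud_id,
        "cloud_token_decryptable": token_is_decryptable(cloud_token),
        "suffix_public_id": suffix_id,
        "suffix_token_decryptable": token_is_decryptable(suffix_token),
    }


# Constructed sample data (not real OTPs): a 32-character "encrypted" block
# and two public identities, one of 6 bytes and one of 4 bytes.
SAMPLE_TOKEN = "hkngncdgbjhvclkjcjlngklvdnvutedb"
OTP_44 = "ccccccbcgujh" + SAMPLE_TOKEN   # 12-char public ID: both rules agree
OTP_40 = "cccccbdf" + SAMPLE_TOKEN       # 8-char public ID: the rules disagree

if __name__ == "__main__":
    for label, otp in (("44-char OTP", OTP_44), ("40-char OTP", OTP_40)):
        print(label, compare_splits(otp))
```

On the 44-character OTP both rules return the same identity and the same 32-character token. On the 40-character OTP the fixed-prefix rule swallows four characters of ciphertext into the identity and leaves a 28-character remainder that is not a full AES block, so decryption cannot even be attempted; that is the failure the help text in the first post warns about, and it is why a server that only ever splits at 12 cannot accept keys programmed with a shorter or longer public identity.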
