Yubico Forum


All times are UTC + 1 hour




Post subject: Newbie
Posted: Mon Mar 15, 2010 4:42 pm
New and confused.... :lol:

Okay so I understand how to use my yubikey with my online password management security program, but what I'd like to know is can I use it to provide security for files/folders stored on my hard-drives? I use Androsa Fileprotector if that is of any help.

Thanks much for the help and your patience.



Post subject: Re: Newbie
Posted: Wed Mar 17, 2010 10:09 am
Yubico Team
YubiKey can be operated in two basic modes:

    1) One Time Password (OTP) mode
    2) Static Password mode

These modes are explained in detail below:

    1) One Time Password (OTP) mode:

    In the One Time Password (OTP) mode, every time the user presses the button, the YubiKey generates a 44-character password which contains the static “YubiKey ID” and an event-based “One Time Password”.

    For Example:

    Observe the following OTPs generated from a YubiKey configured in “One Time Password” mode:

    fuhkifhkhufbfdccgukghlbuinldkcndkrrluvedbthrhi
    fuhkifhkhufbfdvblbbleffckfhthjdgrgjrbtjbnnlhdl
    fuhkifhkhufbfdhgghncdchnkhrribnukccgurhtlgkfuf
    fuhkifhkhufbfdfcicntcjjdjgchdgifgjebgrenugrfuk
    fuhkifhkhufbfdcrtefbtnnebvtuvhdthbrltvckergedl

    Here the first 12 characters representing the YubiKey ID of all the OTPs are the same. The next 32 characters representing the One Time Password are all different and generated based on Yubico's event-based OTP generation scheme, thus resulting in a unique 44-character password every time.

    To validate the OTP generated by the YubiKey (in the “One Time Password” mode), the OTP needs to be sent to the Yubico online Validation Server (or a locally hosted copy of the validation server). The Yubico Validation Server validates the OTP and, if it is valid, returns an “OK” status, or else returns a negative status response. Please note that an OTP can be successfully validated only once.

    2) Static Password mode:

    Use of an OTP makes it very difficult for attackers to gain unauthorized access to protected resources/services. However, the application needs to communicate with a server to validate the OTPs. This may not be possible in all cases, particularly when network access is not available to communicate with the server, e.g. in pre-boot authentication mode. In such a case, a YubiKey can generate a strong static password which can be validated by an application locally without the need to connect to a server.

    In the “Static Password” mode, every time a user presses the button, the YubiKey generates a password of up to 64 characters which contains a static “YubiKey ID” and a static password.

    For Example:

    Observe the following passwords generated from a YubiKey configured in 44-character “Static Password” mode:

    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu

    Here the first 12 characters represent the YubiKey ID and the next 32 characters represent the static password (which is generated as a result of an encryption function involving the AES key and YubiKey parameters; a unique key will generate a unique password). This output is always the same when the button is pressed, thus resulting in the same strong 44-character password every time.

    As the static password generated by the YubiKey (in the “Static Password” mode) is always the same, there is no need to validate it against the Yubico Validation Server. The password can be used as a conventional but strong password (in a system validating regular passwords).

    The YubiKey can be reprogrammed to emit a static password of up to 64 characters, including alphanumeric characters. It can also be configured to emit your own password of up to 16 characters.

The new YubiKey 2.0 has two configuration slots. These configuration slots work independently and can be reprogrammed for the following four combinations:

    1) OTP + OTP
    2) OTP + Static
    3) Static + OTP
    4) Static + Static

When the YubiKey 2.0 is shipped, its first configuration slot is factory reprogrammed for OTP mode (which works with the online Yubico OTP validation server) and the second configuration slot is left blank. You can reprogram the YubiKey configuration slot 2 for static password mode.

From the Androsa Fileprotector's website, it seems that it does not support YubiKey OTP mode. However, you can configure your YubiKey to static password mode and use this static password as the password required for encryption/decryption in the Androsa Fileprotector.

We hope this helps!
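
The OTP layout and single-use rule described in the post above, as an added Python illustration (not code from this thread or from Yubico). The function and class names and the sample tokens are constructed for the example; the 12 + 32 split follows the post, and the check is only a local pre-filter in front of the validation server, which still decides whether an OTP is genuine.

```python
# Added example: names and sample tokens are constructed, not from the thread.
MODHEX = "cbdefghijklnrtuv"   # modhex digit at index i encodes hex value i
ID_LEN, OTP_LEN = 12, 32      # layout stated in the post: YubiKey ID + OTP


class OTPFormatError(ValueError):
    """Token is not a well-formed 44-character modhex string."""


def modhex_decode(text: str) -> bytes:
    """Decode modhex to raw bytes, rejecting any character outside the alphabet."""
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise OTPFormatError("not an even-length modhex string")
    nibbles = [MODHEX.index(ch) for ch in text]
    return bytes(hi << 4 | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def split_otp(token: str) -> tuple[str, str]:
    """Return (yubikey_id, one_time_part) for a 12 + 32 character token."""
    token = token.strip().lower()
    if len(token) != ID_LEN + OTP_LEN:
        raise OTPFormatError("expected %d characters" % (ID_LEN + OTP_LEN))
    modhex_decode(token)  # alphabet check only; the OTP part stays encrypted
    return token[:ID_LEN], token[ID_LEN:]


class LocalPrecheck:
    """Filter run before the token is sent to the validation server.

    It cannot prove an OTP is genuine (only the server holding the AES key
    can); it only drops malformed, foreign and already-seen tokens early.
    """

    def __init__(self, enrolled_id: str):
        self.enrolled_id = enrolled_id
        self.seen: set[str] = set()

    def check(self, token: str) -> str:
        try:
            key_id, otp = split_otp(token)
        except OTPFormatError:
            return "BAD_FORMAT"
        if key_id != self.enrolled_id:
            return "WRONG_KEY"
        if otp in self.seen:
            return "REPLAYED"
        self.seen.add(otp)
        return "FORWARD_TO_SERVER"
```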


Post subject: Re: Newbie
Posted: Thu Mar 18, 2010 12:17 pm
samir wrote:
Here the first 12 characters represent the YubiKey ID and the next 32 characters represent the static password (which is generated as a result of an encryption function involving the AES key and YubiKey parameters; a unique key will generate a unique password). This output is always the same when the button is pressed, thus resulting in the same strong 44-character password every time.

For the static password I have set in the second slot of my YubiKey, the first 12 characters are not the YubiKey ID used in the OTP. I suppose I could force it to use those characters, but since (as you noted) there is no server authentication for the static password, there's no need for it to include the YubiKey's ID.

