Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:07 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Tue Jun 03, 2008 9:14 am 
Offline

Joined: Tue Jun 03, 2008 8:57 am
Posts: 2
Some ways a javascript version could be implemented:

As a direct authentication method for web servers that natively support serverside javascript such as Aptana's Jaxer, or the Firefox extension Plain Old Webserver.

Also, as the authentication part of the code for a Firefox extension that adds the Yubikey as "something you have" multi-factor capability to the Master Password input that protects all the saved passwords in Firefox. I think this would require expert knowledge, which I do not have :(

----------------
Now playing: ABC Radio Online - Dr Karl - Science on TripleJ Mornings 2008-05-29
via FoxyTunes


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jun 10, 2008 8:01 am 
Offline
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
You are right that there are many kinds of shapes and forms that an OTP can be generated. And a web-based way or software tokens are highly desirable in some scenarios. But my opinion is that YubiKey is probably the easiest way and the most worry-free compromise that you don't need to worry much about many security challenges in software-based and Internet-based implementations.

Paul

_________________
The YubiKey Server Guy


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 15, 2008 9:24 am 
Offline

Joined: Tue Jun 03, 2008 8:57 am
Posts: 2
I'm sorry I wasn't referring to a script-based implementation of a OTP. I was asking for a javascript implementation, or port, of the client library for Yubikey verification.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 15, 2008 11:55 pm 
Offline
Site Admin
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
I don't know of a javascript-implementation of the library. You will need to retrieve a HTTP URL from javascript, and some string parsing to parse the response according to our protocol:

http://yubico.com/developers/api/

Bonus points for verifying the HMAC-SHA1 signature against a shared secret.

If you or anyone comes up with any code to do this, I'm sure it will be appreciate by someone in the future!

/Simon


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group