Yubico Forum

New firmware release 2.2
Page 1 of 1

Author:  Jakob [ Thu Sep 16, 2010 12:42 am ]
Post subject:  New firmware release 2.2

As some have noticed, we've now silently sneaking out a new firmware release for the Yubikey. As usual, the new firmware shall be fully backwards compatible so anyone not interested in the new functionality should not have to bother at all. However, see (3) below.

The new functionality comprises the following:

1. Factory-programmed serial number. The serial number can be configured to be visible via API calls, via the USB descriptor or by holding the button and releasing it during startup. As we fully integrate the 2D-barcodes in production, all deployed keys will have a DataMatrix code + human readable number reflecting this serial number.
2. Challenge-response mode assisted by API calls. Both Yubico OTP and HMAC-SHA1 is supported.
3. Scan code mode static password has been extended from 16 to 38 characters. Note that a bug in the 2.1 Windows configuration tool causes problems in this mode for 2.2 keys. Download the latest update from our web to resolve this issue.
4. Support for a preset moving factor seed in OATH-HOTP mode.
5. The "Terminal Server Shift bug" has been fixed.

We are now updating the web with the new tools and we'll post more information over the coming weeks. Please check out at http://www.yubico.com/developers/personalization/

With the best regards,

Hardware- and firmware guy @ Yubico

Author:  wkossen [ Wed Oct 06, 2010 8:14 am ]
Post subject:  Re: New firmware release 2.2

in many types of hardware, firmware is upgradeable. How is this for the Yubikey? Is it possible to upgrade a 2.0x to the new 2.2 and get the OATH features?

Kind Regards,

Willem Kossen

Author:  efaden [ Fri Oct 22, 2010 12:57 am ]
Post subject:  Re: New firmware release 2.2

I don't believe that it is upgradable (which is a serious drawback). Are there any discounts to upgrade keys?

Author:  ferrix [ Sun Oct 24, 2010 8:03 am ]
Post subject:  Re: New firmware release 2.2

It's really just a drawback only if you need one of the features the new firmware provides. Knowing that the keys cannot be upgraded (this is correct), why would you purchase one unless it does what you want? Unless you heard a new feature was coming but somehow bought an older key before the feature was completed. In this case I bet yubico would accommodate you.

I definitely love flashable, upgradable things, but they cost more. Also it's not a desirable trait at all to have in a security device. You want the software in the device to be permanent, and known-good.

I think it would be cool to have an exchange program where you could get a new key by sending in your old one and a few bucks. But shipping costs make that impractical; by the time you do a round trip of shipping that's half way to the cost of a brand new key!

Anyway look on the bright side, if you just get a new key, you get to keep the old one and use it for something else. Or give it to your mom so she will not forget her password any more. :)

Author:  Jakob [ Sat Oct 30, 2010 1:10 am ]
Post subject:  Re: New firmware release 2.2

Yes - it is all a cost- and security issue. Adding DFU or "Device Firmware Upgradable" feature would make the product more complex and subject to upgrade errors and potential threats. We use a ROM based design, where the firmware is "factory hard-coded".

We see it a bit like a SIM card in a cell phone - although technically possible to make these DFU as well, these are low-cost items and DFU simply does not make sense. Seriously -it is not a Machiavellian business decsision to force people to buy regular upgrades :)

Furthermore, we have a constant feedback from customers preferring stability and "time-in-market-without-bugs" before new cool features. We are balancing this to the feature wish-lists.

We'll think about the issue of making an upgrade offer shortly.


Hardware- and firmware guy @ Yubico

Author:  wildchild [ Sat Oct 30, 2010 5:47 am ]
Post subject:  Re: New firmware release 2.2

How about us, developers, wanting to develop for all versions of the Yubikey while only having one version in stock ?
Is there any possibility to get a set of two or three keys ; or to swap existing keys by sending two/three keys back ?

This in order to test yubikeys validated by the Yubico server ; a separate AES key and eventually one to test secondary configurations with etc.. ?

Also ; I've tried to find the personalization tool, but, found no download links for the Windows versions; where are they ?

With friendly regards,

Gunther ; Freaking Wildchild.

Author:  Jakob [ Tue Nov 02, 2010 10:26 pm ]
Post subject:  Re: New firmware release 2.2

Sure - drop me an e-mail and tell me about your project. I'll then be happy to send a triple of 1.3, 2.0 and 2.1 keys. My e-mail is jakob at yubico dot com

The broken links have been restored. Sorry for that - we just updated our web completely.


Hardware- and firmware guy @ Yubico

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group