| Yubico Forum https://forum.yubico.com/ |
|
| OpenID and your own site https://forum.yubico.com/viewtopic.php?f=16&t=521 |
Page 1 of 1 |
| Author: | andresr [ Thu Apr 22, 2010 7:35 am ] |
| Post subject: | OpenID and your own site |
I am a new yubikey user and I would like to know what security implications there are, if any, of using the yubico OpenID server code that includes my yubikey username in the header section on my public website for the purpose of having a shorter openid url instead of having to type in the full yubico OpenID server url. I am concerned about having my 12 digit yubikey username out there for the world to see. |
|
| Author: | wkossen [ Wed Oct 06, 2010 9:07 am ] |
| Post subject: | Re: OpenID and your own site |
hardly any. The first 12 could be considered the 'public' part of a keypair like in PGP / GnuPG or PKI. There also, you would openly publish the public part (look for public pgp keys at http://pgp.mit.edu/ for example). Still the PGP secrets are safe as long as the user doesn't publish those. You could run into trouble if you were going to post your AES secrets from your Yubikey on the internet. I don't think you're going to do that... theoretically there one risk as far as I can see: if you use those 12 chars as a static password at some sites (you shouldn't) |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|