Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:42 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 12 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: VIP on a NEO
PostPosted: Fri Nov 21, 2014 6:17 pm 
Offline

Joined: Tue Nov 18, 2014 9:14 pm
Posts: 95
Location: San Jose, CA
Hypothetically... If I were to post instructions on how anyone could get a unique HOTP (not TOTP) VIPAccess credential onto slot 2 of a YubiKey NEO, would that upset Symantec or Yubico?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: VIP on a NEO
PostPosted: Fri Nov 21, 2014 6:39 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
darco wrote:
Hypothetically... If I were to post instructions on how anyone could get a unique HOTP (not TOTP) VIPAccess credential onto slot 2 of a YubiKey NEO, would that upset Symantec or Yubico?


I sure hope not. One less key to carry would be nice.

B


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Fri Nov 21, 2014 8:39 pm 
Offline

Joined: Wed Nov 19, 2014 12:11 am
Posts: 31
It's a shame that Yubico have not produced a VIP Yubikey in any format other than Standard. I'd be interested in an official "Neo VIP", which I know has been discussed before. I guess there must be a per device fee to Symantec, otherwise there would be no reason not to put a VIP credential in slot 2 of new Neo and Neo-n devices that the user has the option of replacing with something else if they have no use for VIP.


You'd have to get hold of the secret of an existing VIP credential to VIP enable an existing Neo. I'm not sure how the VIP Access app for Android works - is the secret held on the device or is each OTP requested from a Symantec server? If the app holds its own secret, I guess it's possible to get hold of that secret by installing the VIP Access app on a rooted Android device or device simulator. It may be that the install has to go on an unrooted device that you then root, as many apps with a security function refuse to install on an rooted device.

If this is what is being thought of, it doesn't feel like a particularly 'clean' route to get hold of a VIP secret.


Yubico - there is still interest in an official "Neo VIP". As it is, I have a Neo and a VIP on my credential keyring, when I'd prefer one device.


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Fri Nov 21, 2014 9:44 pm 
Offline

Joined: Tue Nov 18, 2014 9:14 pm
Posts: 95
Location: San Jose, CA
Just extracting the key from an android device won't do you any good because that credential would be configured as a TOTP credential, and if you want your yubikey neo to act like a yubikey vip then you need a HOTP credential. (You could, however, use the Yubikey OATH app with the TOTP credential, but then you need the Yubico Authenticator app)

Anyway, don't be too concerned about the feasibility: I'm using my NEO as a HOTP VIP credential right now and it works beautifully.

What I'm wondering is if me posting how I did it (maybe even making a tool to make it super easy to set up) is going to upset Symantec or Yubico.

I don't want to burn any bridges.


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Wed Feb 11, 2015 6:54 am 
Offline

Joined: Wed Feb 11, 2015 6:50 am
Posts: 1
i can confirm that Symantec VIP access works fine on Yubico Authenticator app using TOTP.

it works really well. :)


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Sun Feb 22, 2015 6:15 am 
Offline

Joined: Sun Feb 22, 2015 12:36 am
Posts: 6
SkullKill wrote:
i can confirm that Symantec VIP access works fine on Yubico Authenticator app using TOTP.

it works really well. :)


Can you please share your method? I would really appreciate it :)


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Sun Feb 22, 2015 6:15 am 
Offline

Joined: Sun Feb 22, 2015 12:36 am
Posts: 6
darco wrote:
Hypothetically... If I were to post instructions on how anyone could get a unique HOTP (not TOTP) VIPAccess credential onto slot 2 of a YubiKey NEO, would that upset Symantec or Yubico?


Can you also please share (feel free to post it here or PM me) your method? I would really appreciate it :)


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Wed Mar 18, 2015 3:57 am 
Offline

Joined: Sun Feb 22, 2015 12:36 am
Posts: 6
I figured out how to use Yubikey NEO with paypal/eBay.

Just use this to generate token and setup in NEO like you would do for any other TOTP token.

https://github.com/cyrozap/python-vipaccess


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Tue Jun 30, 2015 1:30 am 
Offline

Joined: Tue Jun 30, 2015 1:16 am
Posts: 1
I don't suppose anybody figured out how to get this working as HOTP and is willing to share?


Top
 Profile  
Reply with quote  
 Post subject: Re: VIP on a NEO
PostPosted: Sun Sep 27, 2015 3:33 pm 
Offline

Joined: Sun Sep 27, 2015 3:26 pm
Posts: 1
WWW wrote:


Thanks WWW, I managed to get this working with PayPal (which uses Symantec VIP)

For those who aren't too sure how this is to be done, you simply install the vipaccess program and run it. PIP is the best way to do this (google how to install python's pip packages for your OS)
It will output a URL which contains a new "Serial Number" and secret, then show you a QR code of this. You simply set it up the same way you would for any normal google authenticator type app, but you specify your own serial number.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 10 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group