Yubico Forum https://forum.yubico.com/ |
|
[Question] Detect NEO key type from OTP ID https://forum.yubico.com/viewtopic.php?f=26&t=2659 |
Page 1 of 1 |
Author: | kspearrin [ Thu Jun 29, 2017 4:57 am ] |
Post subject: | [Question] Detect NEO key type from OTP ID |
Referencing this article: https://developers.yubico.com/OTP/OTPs_Explained.html I can see that OTPs generated contain two parts: the constant ID and the dynamic passcode. Code: cccjgjgkhcbb irdrfdnlnghhfgrtnnlgedjlftrbdeut cccjgjgkhcbb gefdkbbditfjrlniggevfhenublfnrev cccjgjgkhcbb cvchfkfhiiuunbtnvgihdfiktncvlhck Based on the ID or passcode, is it possible to detect what type of key this is? I would like to be able to detect if a key is a NEO or not. |
Author: | ChrisHalos [ Thu Jun 29, 2017 5:02 am ] |
Post subject: | Re: [Question] Detect NEO key type from OTP ID |
No, you can't identify a YubiKey model by OTP. If it's the pre-programmed Yubico OTP credential then you can tell the serial number of the YubiKey, but nothing more. |
Author: | kspearrin [ Thu Jun 29, 2017 5:14 am ] |
Post subject: | Re: [Question] Detect NEO key type from OTP ID |
Thanks Chris. Let me explain why I wanted to do this and see if maybe there is a better way. For our application a user can register a YubiKey with their account. After this is done, whenever they log in we present the YubiKey option as a second factor. If YubiKey is not configured or the device does not support YubiKey, then we fall back to other configured second factors (such as TOTP apps). This works fine on a desktop platform, however, we also have mobile apps (iOS and Android). We have added support for our Android app to use YubiKey if configured and the user has NFC enabled on their device, however, this obviously will only work with a NFC enabled YubiKey (NEO). If the user did not register a NEO, we do not want to present the YubiKey as a second factor since obviously they can't use it on the device. We could ask the user at the time of registration what type of key this is, but it would be great if we could just detect it for them somehow so we can skip the YubiKey option automatically when logging in on mobile devices. Any ideas? |
Author: | ChrisHalos [ Thu Jun 29, 2017 8:30 am ] |
Post subject: | Re: [Question] Detect NEO key type from OTP ID |
This could only be done if U2F was being used. U2F utilizes transport hints, so this would be possible in that scenario. If you're simply using Yubico OTP, there's no way to do this. LastPass, for example, allows the user to set whether there is am OTP requirement on Android or not. Seems to me this would be the only reasonable option. |
Author: | kspearrin [ Thu Jun 29, 2017 2:57 pm ] |
Post subject: | Re: [Question] Detect NEO key type from OTP ID |
Thanks. In the end we just added a checkbox for the user to specify if they are using a NFC enabled key or not. |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |