Every time the button on the Yubikey is pressed, it generates a 44 character long password. The 44 character stream contains the following information:
The first 12 characters represent the ID of the YubiKey. The following 32 characters represent the password (typically this is One Time Password but it can be changed to generate a static password).
A YubiKey can be operated in one of the following two modes depending on the user’s requirements:
1) One Time Password Mode:
In the One Time Password (OTP) mode, every time the user presses the button, the YubiKey generates a 44 character password which contains the static “YubiKey ID” and an event based “One Time Password”.
For Example:
Observe the following OTPs generated from a YubiKey configured in “One Time Password” mode:
fuhkifhkhufbfdccgukghlbuinldkcndkrrluvedbthrhi
fuhkifhkhufbfdvblbbleffckfhthjdgrgjrbtjbnnlhdl
fuhkifhkhufbfdhgghncdchnkhrribnukccgurhtlgkfuf
fuhkifhkhufbfdfcicntcjjdjgchdgifgjebgrenugrfuk
fuhkifhkhufbfdcrtefbtnnebvtuvhdthbrltvckergedl
Here the first 12 characters representing the YubiKey ID of all the OTPs are the same. The next 32 characters representing the One Time Password are all different and generated based on the event based OTP generation scheme of the Yubico, thus resulting in a unique 44 character password every time. This is the default mode of YubiKey operation.
2) Static Password Mode:
In the “Static Password” mode, every time a user presses the button, the YubiKey generates a 44 character password which contains a static “YubiKey ID” and a static password.
For Example:
Observe the following passwords generated from a YubiKey configured in “Static Password” mode:
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
Here the first 12 characters represent the YubiKey ID and the next 32 characters represent the static password (which is generated as a result of an encryption function involving the AES key and YubiKey parameters. A unique key will generate a unique PW.) is always the same when the button is pressed, thus resulting in same 44 character strong password every time.
As while programming the YubiKey, the number of characters selected are 32, the YubiKey ID aka Public ID will be omitted when the password from YubiKey is generated.
The 6 hex characters you programmed are the private identity (Private ID) of the YubiKey and not the Public ID. If you want the Public ID to be the part of the password, then change the number of characters to 44 and then reprogram your YubiKey.
We hope this helps!
Login
FAQ
Search
