Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 8:24 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: Mon Jul 20, 2015 8:31 pm 
Offline

Joined: Sun Jul 19, 2015 11:02 pm
Posts: 5
Hello,

out of the box the Yubikey Neo is already has the slot 1 already provisioned and works perfectly with LASTPASS.
My questions are the following?
    * Is it advisable for security reason to reprogram it with a new master key instead of using it out of the box?
    * How can I do that and what kind of parameter do I need to provide to the utility to reprogram the slot 1 to make the key to work with LASTPASS?
    * Is the slot 1 protected or is it possible to reprogram it?

Thanks & Regards,
Marco - StockTrader

_________________
Marco - StockTrader
http://www.msz.eu || http://www.readitalians.org


Last edited by stocktrader on Wed Jul 22, 2015 12:09 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jul 21, 2015 12:12 pm 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
* Is it advisable for security reason to reprogram it with a new master key instead of using it out of the box?
* How can I do that and what kind of parameter do I need to provide to the utility to reprogram the slot 1 to make the key to work with LASTPASS?
* Is the slot 1 protected or is it possible to reprogram it?


1) This is up to you. If you choose not to trust Yubico. I use factory keys also in my private life outside Yubico, I do not re-program them.
2) You need the Yubico Cross platoform personalization GUI available at https://developers.yubico.com/yubikey-p ... /Releases/
3) No, it is not protected just a warning pop-up informing you of what you are doing.

Please read rules:
viewtopic.php?f=25&t=937&p=3515#p3515


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 21, 2015 12:43 pm 
Offline

Joined: Sun Jul 19, 2015 11:02 pm
Posts: 5
Tom2 wrote:
* Is it advisable for security reason to reprogram it with a new master key instead of using it out of the box?
* How can I do that and what kind of parameter do I need to provide to the utility to reprogram the slot 1 to make the key to work with LASTPASS?
* Is the slot 1 protected or is it possible to reprogram it?


1) This is up to you. If you choose not to trust Yubico. I use factory keys also in my private life outside Yubico, I do not re-program them.
2) You need the Yubico Cross platoform personalization GUI available at https://developers.yubico.com/yubikey-p ... /Releases/


Hello,

Thanks for the answers! about the point 2: To make it work with LASTPASS is the Yubico OTP the correct mode? Do I need to set additional parameters?
Kind regards & Thanks
Marco - StockTrader

_________________
Marco - StockTrader
http://www.msz.eu || http://www.readitalians.org


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 22, 2015 11:53 am 
Offline

Joined: Tue Jul 21, 2015 2:41 pm
Posts: 7
For Yubico OTP, you gain nothing by reprogramming it! To make it work, you have to send the full private AES key to yubico.
And if oyu reprogram it you get a identity starting with vv instead cc and yubico reserves the right to delete them from their servers if they suspect you don't use a hardware yubikey to generate your OTP keys etc.

If you want increased security, you can't use Yubico OTP


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 22, 2015 12:08 pm 
Offline

Joined: Sun Jul 19, 2015 11:02 pm
Posts: 5
josch wrote:
If you want increased security, you can't use Yubico OTP

That's really reassuring :D
Thanks for your comments.
Kind regards,
Marco - StockTrader

_________________
Marco - StockTrader
http://www.msz.eu || http://www.readitalians.org


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 22, 2015 1:24 pm 
Offline

Joined: Tue Jul 21, 2015 2:41 pm
Posts: 7
stocktrader wrote:
josch wrote:
If you want increased security, you can't use Yubico OTP

That's really reassuring :D
But if you don't trust yubico, you shouldn't use a Yubikey at all!

With Yubico OTP, if you use a secret they added to your key or create a new secret and sent it to them doesn't make any difference. Using the provided key on the Yubikey is potentially even more secure because the key is never sent over the internet (of course it is encrypted, but with all the recent TLS bugs, who knows how secure)

But if yubico want to steal your secrets, there is no way for you to know they don't have a secret method to read all your self created secret keys from your Yubikey.
Either you trust them, or you don't. If you don't trust them, don't use a Yubikey!

Of course you can use OTP with your own server and not send the key to yubico. That's what I am doing. But then it is your responsibility to make sure the key is stored securely at that server. This is more secure if someone successfully attacks the Yubico OTP infrastructure. But then the Yubico OTP infrastructure is most likely many times more secure than any server you would use.

There just is no perfect security!


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 22, 2015 1:39 pm 
Offline

Joined: Sun Jul 19, 2015 11:02 pm
Posts: 5
You're right.
Thanks for the explanation.
Thanks & Regards,
Marco - StockTrader

_________________
Marco - StockTrader
http://www.msz.eu || http://www.readitalians.org


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group