Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:37 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Fri Jul 10, 2009 6:43 pm 
Offline

Joined: Sat May 31, 2008 1:15 am
Posts: 4
I just received mine today and probably several other people will be in the next few days as well. Some initial concerns/observations that may throw some people off that are used to v1.

First off, the presses are time based. where in v1 you held it down until it started printing out the characters, with v2 you hold and then let go after 1 second (0.3 - 1.5 technically) for first config and 4 (2.5 - 5 technically) for second config. If you hold it down nothing will happen and could later on actually reprogram the key if you hold it down too long. This didn't get me at first but switching between v2 and v1 I keep getting it confused.

There is no second config when you receive it from the factory. What that means is you can hold down the button anywhere in the .3 - 5 second range and it will emit the first and only config, which is setup with OTP with yubico

The OTP id itself was interesting to me as well. It appears the v2 id's are sequential and padded with c's. for example my id is ccccccccXXXX where the X's are different. Was kinda startling since the v1 was apparently random but there's no reason to be security concious about it. Remember the strength is no one aside from the authentication server (yubico in this case) can decrypt the stuff after your id.

Some links of interest

Hope this is all useful to others


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Fri Jul 10, 2009 7:05 pm 
Offline

Joined: Fri Jun 20, 2008 2:59 am
Posts: 84
When the keys arrive they will work in the press-and-hold fashion. When there's only one identity, it behaves like the v1. Once you set a second identity, it changes to operate in the above fashion.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 10, 2009 8:34 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
Thanks for this feedback.

Yes, like ferrix said, we ship the Yubikey2 with a configuration that makes them work exactly like the Yubikey1. The rationale is that we don't want to confuse users that do not care for a second configuration and are used to the Yubikey1 behavior. Also, for these who have deployed hundreds of keys, no information needs to be given to users who gets replacements etc.

There is an additional feature that even if only configuration #1 is set on the Yubikey2, a short press+release also works as a trigger.

Regarding the cccccccc prefix, this is not a Yubikey2 feature but rather reflects the linear numbering scheme that was introduced when we made a major architectural- and security update to the validation server back in March. All keys shipped since then follow a linear scheme where the public id matches the number+barcode on the label of the pouch. In theory, we could have skipped the cccccccc prefix to make the OTPs a bit shorter, but we decided that some services may verify that the OTP length was 12 + 32 = 44 characters.

With the best regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 27, 2009 3:34 am 
Offline

Joined: Fri Mar 20, 2009 10:50 pm
Posts: 2
I just ordered a few new keys to convert/consolidate the keys I use for different things. I realize that this forum is not really a RFC but in YK3.0 I would love to have a flash drive embedded into the key also. I am not a hardware engineer so I don't know if it would be feasible. the way I was thinking it would work is that you plug in the key and it gets recognized as two completely separate devices (one HID device as it is currently and then a separate mass storage device) I have a super talent pico drive and I can't imagine that integrating the additional hardware would make the key much bigger as it seems that the USB connector is the largest part of the drive.


Top
 Profile  
Reply with quote  
PostPosted: Thu Aug 06, 2009 10:03 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
We've got questions about adding an USB Flash memory function several times. I certainly agree it would have been attractive in many cases, such as a certificate storage.

But - we've calculated a bit on it and given the gigantic volumes for off-the-shelf finished USB memory sticks, we cannot even get near the cost of these. This means that a Yubikey with mass storage capability will be *much* more expensive than a Yubikey plus a separate USB memory. It will make this product a niche one and pass it to the dog corner I guess.

One should never say never, but it won't happen in a near future.

With the best regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group