Yubico Forum

Hi,

If I understand it correctly, the Yubico Authenticator sends the current time to the Yubikey Neo (I have fw version 3.3.0) as a challenge response and gets back a response which is then used to generate the digits.

My question is this, when I plug my Yubikey into the Personalization Tool, and click on Tools/Challenge-Response Tester, and choose either slot 1 or slot 2, I get this error:

"Challenge response could not be performed. Perhaps they YubiKey is not configured for challenge-response?"

So, how does the Yubico Authenticator get my YubiKey to honour a challenge-response request? I'm obviously missing something in my understanding!

btw, I'm successfully using the Yubico Authenticator and is working as expected.

Thank you.

-=david=-

I am not sure I understand your question.


OATH (TOTP HOTP) they have nothing to do with the HMAC-SHA1.

The OATH applet on your NEO will be fed with time from your OS and spit out TOTP codes.

The Challenge Response works in a different way over HID not CCID. An example of CR is KeeChallenge for KeePass where the Yubikey secret is used as part of the key derivation function.
Another application using CR is the Windows logon tool

The Yubico Authenticator does not use CR in any way.

Hi,

Thank you for your reply. I got the information directly from the website, referenced here:

https://www.yubico.com/applications/int ... ces/gmail/

and to quote:



It alludes that CR is used (specifically HMAC-SHA1).

I've probably misunderstood the information presented, but that's how it reads.

-=david=-

Hi,

If you are using the Yubico Authenticator you are not using that TOTP helper app, rather the OATH applet on the Yubikey NEO

You are right that the webpage is misleading we will fix it.

Hi,

Thank you for the clarification

-=david=-