Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:46 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue May 02, 2017 3:08 pm 
Offline

Joined: Tue May 02, 2017 2:17 pm
Posts: 1
Any clues how to get a non oath equipped yubikey (firmware 2.02) to work using keepass 2fa?

I can do it via Google authenticator and 'phone, but that is too clunky as it requires manually entering 6 digit codes to a minimum of three (up to six) boxes. I'd like to just press the key 3 (or 4,5,6) times. (Extra question - can a longer custom string than 8 be used to maintain strength with fewer entries? e.g. can a plug in be written that say accepts a single otp that is longer than the 6-8 oath spec?)

I have an old yubikey that is non oath equipped that owes me nothing, and I'd rather not spend $40-50 to get a yk4 just for this purpose.

Have looked everywhere, for plug ins libraries etc to use yubicloud instead but either I'm not phrasing the question correctly or it hasn't been done.

Could I write my own plug in, to validate a key to unlock the vault? I am using windows 10 x64, Keepass 2.35, and optkeyprov 2.5(for Gauth so far). I'm not a programmer but can follow clear instructions!

Thanks if there is anyone out there who knows!!

edit - revised title to seek answers (rather than suggest I have the answer!)


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Oct 02, 2017 2:34 pm 
Offline
User avatar

Joined: Sun Jul 24, 2011 12:48 am
Posts: 37
Rcdadaptor wrote:
Any clues how to get a non oath equipped yubikey (firmware 2.02) to work using keepass 2fa?

I can do it via Google authenticator and 'phone, but that is too clunky as it requires manually entering 6 digit codes to a minimum of three (up to six) boxes. I'd like to just press the key 3 (or 4,5,6) times. (Extra question - can a longer custom string than 8 be used to maintain strength with fewer entries? e.g. can a plug in be written that say accepts a single otp that is longer than the 6-8 oath spec?)

I have an old yubikey that is non oath equipped that owes me nothing, and I'd rather not spend $40-50 to get a yk4 just for this purpose.

Have looked everywhere, for plug ins libraries etc to use yubicloud instead but either I'm not phrasing the question correctly or it hasn't been done.

Could I write my own plug in, to validate a key to unlock the vault? I am using windows 10 x64, Keepass 2.35, and optkeyprov 2.5(for Gauth so far). I'm not a programmer but can follow clear instructions!

Thanks if there is anyone out there who knows!!

edit - revised title to seek answers (rather than suggest I have the answer!)


I have tested this one which uses the SHA1 challenge-response and it seems to work well, although I do not understand the purpose of why it needs to know the secret used on the Yubikey for the challenge because if it sends data to it, it should always get the right response. But I did not write the plugin so I am sure there is a reason why it needs it. I just hope that the secret is used/stored securely. https://brush701.github.io/keechallenge/

_________________
My GnuPG (PGP) Key ID: 614D98E6


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group