| Yubico Forum https://forum.yubico.com/ |
|
| Static Yubikey How to... https://forum.yubico.com/viewtopic.php?f=4&t=205 |
Page 3 of 3 |
| Author: | Datsys [ Fri Feb 06, 2009 3:41 am ] |
| Post subject: | Re: Static Yubikey How to... |
I suppose the first thing I should really ask is where/how do I get the ID and the AES keys to begin with? The next question is how do I get the PT to work with the script? The limtation on the number of characters is not that important since they would both yeild a very stron password anyway.. What is more worthy of consideration is to make sure that the key can not be easily changed one set or would not be easy to tamper with in its original state. |
|
| Author: | Dick [ Fri Feb 06, 2009 6:39 am ] |
| Post subject: | Re: Static Yubikey How to... |
Datsys wrote: I suppose the first thing I should really ask is where/how do I get the ID and the AES keys to begin with? The next question is how do I get the PT to work with the script? The limtation on the number of characters is not that important since they would both yeild a very stron password anyway.. What is more worthy of consideration is to make sure that the key can not be easily changed one set or would not be easy to tamper with in its original state. You don't need the original ID and AES keys to set a static password and/or a programming password. If you choose to use the PT, you won't need to use the script. The converse is not, however, true since the script requires the installation of the PT to operate. BTW, if you haven't carefully read the comments in the script, you should do that. There's lots of excellent information in there about this whole process. It also discusses the bit strength of static modhex passwords. Just run the PT. In the ID field enter the first 24 characters of your GRC hex password. In the AES Key field enter the next 32 characters of that GRC hex password. Check the Create Static Password (No OTP) box. Leave the Automatic Navigation stuff blank. In the Programming Protection area, check the box indicating that you want to create or change the password. Two new fields will open for entry of the new password. Leave the field blank for the existing programming password and type the desired new password into the two places shown. Obviously, don't lose the password or you won't be able to reprogram the YK. Click on Update Settings. That should do it. At least it did for me. Dick |
|
| Author: | Datsys [ Fri Feb 06, 2009 8:22 am ] |
| Post subject: | Re: Static Yubikey How to... |
Dick, you are a gem plus. I am going to try what you have suggested here and see how it goes. Just a thought though for future reference. I was looking through the forum and saw a way to get the original ID and AES keys for each YK, since I plan to do more of this convertinion to Static PW do you think it would be a good idea to use these before I reprogramme keys? Or is it that when the keys are reprogrmmed all of that stuff is lost? |
|
| Author: | Dick [ Fri Feb 06, 2009 5:30 pm ] |
| Post subject: | Re: Static Yubikey How to... |
Those are the two parameters that you are reprogramming when you use the GRC password as you desired to do. The only use that I can think of for the original values would be to return the YK to its status prior to your reprogramming. Dick |
|
| Page 3 of 3 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|