Yubico Forum https://forum.yubico.com/ |
|
Linux static scan mode? https://forum.yubico.com/viewtopic.php?f=16&t=593 |
Page 1 of 1 |
Author: | cybermage [ Mon Nov 08, 2010 6:59 pm ] |
Post subject: | Linux static scan mode? |
Is there no way to use the scan mode to set a static password in Linux? I don't see any option for it. I'm able to set a random password, but believe it or not I have a bank account website that won't take a password longer than 12 characters. Yeah, I know... |
Author: | samir [ Thu Nov 11, 2010 11:35 am ] |
Post subject: | Re: Linux static scan mode? |
As of now, the functionality to set the scan-code mode password is not available in the Linux Personalization Tool. However, you can use the Windows based Personalization Tool to set your own password using the scan code mode. The Windows based Personalization Tool can be downloaded from the link below: http://www.yubico.com/personalization-tool We hope this helps! |
Author: | cybermage [ Sun Nov 14, 2010 9:10 pm ] |
Post subject: | Re: Linux static scan mode? |
Doesn't really help - since I don't run Windows anywhere. But thanks for confirming what I suspected. Thank goodness that's not what I ordered the keys for, it was just a nice side-effect I was hoping for. FYI, I tried the windows tool in Wine before posting the question and it wouldn't find the key. |
Author: | kaibookblue [ Wed Mar 09, 2011 9:02 am ] |
Post subject: | Re: Linux static scan mode? |
Hopefully not too late for you - I only got my yubikey a couple of days ago - but it is possible to set a scan-mode password using the Linux tool. I'm running Debian sid so YMMV. It seems the password is made up of the fixed identity (first 8 characters), the uid (next 6 characters) and the AES key (next 16 characters) catted together. This is only 30 characters - I haven't found out where the missing 8 are yet. Below is the command I used to set the 2nd config to be a static password of "Hello world!" ykpersonalize -2 -v -o -static-ticket -oshort-ticket -o fixed=h:8b080f0f122c1a12 -o uid=150f079e0000 -a 00000000000000000000000000000000 I got the USB scan codes from http://geekhack.org/showwiki.php?title=Scan+Codes and you add 0x80 to get a capital/shifted character. Put zeros at the end to pad a short password. You may also want "-o -man-update" to disable the feature to change the static password with a long press as mentioned in the user guide. Hope this helps. |
Author: | saa [ Sat May 26, 2012 10:34 am ] |
Post subject: | Re: Linux static scan mode? |
Sorry for posting to an old topic, but I also just got my Yubikey. To get all 38 characters, you need to modify ykpers-args.c to allow 16 bytes (32 hex digits) of fixed identity. I couldn't figure out a filename extension that was acceptable for a file upload, so here's the patch inline: Code: --- ykpers-1.6.3/ykpers-args.c.~1~ 2011-12-14 08:41:11.000000000 -0800 +++ ykpers-1.6.3/ykpers-args.c 2012-05-26 01:59:59.000000000 -0700 @@ -309,7 +309,7 @@ size_t fixedbinlen = 0; int rc = hex_modhex_decode(fixedbin, &fixedbinlen, fixed, fixedlen, - 0, 16, true); + 0, 32, true); if (rc <= 0) { fprintf(stderr, "Invalid fixed string: %s\n", After doing that, you should be able to do something like: Code: $ ./ykpersonalize -2 -o-static-ticket -oshort-ticket -o-strong-pw1 -o-strong-pw2 -o-man-update \ -ofixed=h:0405060708090a0b0c0d0e0f10111213 -ouid=141516171819 -a1a1b1c1d1e1f20212223242526278485 Firmware version 2.2.3 Touch level 1795 Program sequence 4 Configuration data to be written to key configuration 2: fixed: m:cfcgchcicjckclcncrctcucvbcbbbdbe uid: h:141516171819 key: h:1a1b1c1d1e1f20212223242526278485 acc_code: h:000000000000 ticket_flags: APPEND_CR config_flags: SHORT_TICKET extended_flags: Commit? (y/n) [n]: y A long press then yields: Code: abcdefghijklmnopqrstuvwxyz1234567890AB
|
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |