Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 8:26 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Mon Dec 21, 2015 6:18 pm 
Offline

Joined: Mon Dec 21, 2015 5:45 pm
Posts: 2
Hi,

I am trying to get familiar with my Yubikey NEO and right now I am having trouble understanding the TOTP authentication and getting it to work completely.

On one side I use the Yubico Authenticator for Android Version 1.0.3 (from F-Droid). These codes are working fine. On the Desktop side I installed the Yubico Authenticator Version 2.3.0 from Debian testing (with ykpers 1.17.2). These codes are not accepted and when I switch during the time period and compare the codes, I see that they are actually different!
It does not make any difference where I add the credential, this is on both sides working fine. But only the codes on the Android app are working, regardless where I added the credential. Why is this the case?
[Edit: This is solved: The system time was off by a few minutes. Thanks for the answer brendanhoar.]

Apart from this unfortunately the documentation is not very good, meaning many questions are left unanswered:

What does it mean to read the codes from slot 1 or slot 2? Are the same slots meant you can setup with the YubiKey Personalization Tool? If so what effect does it have because it seems I can save credentials for TOTP and HOTP with the Authenticator even if I do not have OATH-HOTP written to any (Personalization Tool) slot. Finally in the manpage I found a hint, that if I deactivate the (Authenticator) slots, the "main applet" is used instead. What reason could I have to store a credential in a slot then?

Well, this is it for now. Thanks in advance!


Last edited by zak on Mon Dec 21, 2015 10:43 pm, edited 3 times in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Dec 21, 2015 10:31 pm 
Offline

Joined: Thu Oct 16, 2014 11:51 pm
Posts: 82
Part of the steps to generate a TOTP code involve sending the local time from the computer or phone to the yubikey.

Is the computer set to sync the hardware time via NTP? Contemporary smartphones should be doing this already, which is why they should always work.

B


Top
 Profile  
Reply with quote  
PostPosted: Mon Dec 21, 2015 10:40 pm 
Offline

Joined: Mon Dec 21, 2015 5:45 pm
Posts: 2
brendanhoar wrote:
Is the computer set to sync the hardware time via NTP?

:oops: Now I am feeling bad. That was it of course. ntpdate was not running for some reason and the time was off by a few minutes.
Thanks for the hint.

Nevertheless, I am still curious about the other questions.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jan 12, 2016 1:45 pm 
Offline
Site Admin
Site Admin

Joined: Mon Mar 02, 2009 9:51 pm
Posts: 83
The slot functionality is really only for YubiKeys which don't have the more advanced OATH "applet", such as the old standard YubiKey, or YubiKey Edge. The slots are the same ones as can be programmed with the YubiKey Personalization Tool. When available (YubiKey Neo and YubiKey4), the recommendation is to use the advanced OATH functionality instead.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group