YubiKey can be operated in two basic modes:
1) One Time Password (OTP) mode
2) Static Password mode
These modes are explained in detail below:
1) One Time Password (OTP) mode:
In the One Time Password (OTP) mode, every time the user presses the button, the YubiKey generates a 44-character password which contains the static “YubiKey ID” and an event-based “One Time Password”.
For Example:
Observe the following OTPs generated from a YubiKey configured in “One Time Password” mode:
fuhkifhkhufbfdccgukghlbuinldkcndkrrluvedbthrhi
fuhkifhkhufbfdvblbbleffckfhthjdgrgjrbtjbnnlhdl
fuhkifhkhufbfdhgghncdchnkhrribnukccgurhtlgkfuf
fuhkifhkhufbfdfcicntcjjdjgchdgifgjebgrenugrfuk
fuhkifhkhufbfdcrtefbtnnebvtuvhdthbrltvckergedl
Here the first 12 characters of every OTP, representing the YubiKey ID, are the same. The next 32 characters, representing the One Time Password, are all different: they are generated by Yubico's event-based OTP generation scheme, so each button press results in a unique 44-character password.
To validate an OTP generated by the YubiKey (in the “One Time Password” mode), the OTP needs to be sent to the Yubico online Validation Server (or a locally hosted copy of the validation server). The Yubico Validation Server validates the OTP and, if it is valid, returns an “OK” status; otherwise it returns a negative status response. Please note that an OTP can be successfully validated only once.
2) Static Password mode:
Use of an OTP makes it very difficult for attackers to gain unauthorized access to protected resources/services. However, the application needs to communicate with a server to validate the OTPs. This may not be possible in all cases, particularly when network access to the server is not available, e.g. in pre-boot authentication. In such a case, a YubiKey can generate a strong static password which can be validated by an application locally, without the need to connect to a server.
In the “Static Password” mode, every time a user presses the button, the YubiKey generates a password of up to 64 characters which contains a static “YubiKey ID” and a static password.
For Example:
Observe the following passwords generated from a YubiKey configured in the 44-character “Static Password” mode:
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
Here the first 12 characters represent the YubiKey ID and the next 32 characters represent the static password (which is generated by an encryption function involving the AES key and the YubiKey parameters; a unique key will generate a unique password). Both parts are always the same when the button is pressed, thus resulting in the same 44-character strong password every time.
As the static password generated by the YubiKey (in the “Static Password” mode) is always the same, there is no need to validate it against the Yubico Validation Server. The password can be used as a conventional but strong password (in any system that validates regular passwords).
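As an added example (not code from Yubico or from the original post), here is a small Python script that makes the two modes above concrete: it splits a YubiKey output into the YubiKey ID and the 32-character token, decodes the ModHex alphabet the YubiKey types, and simulates the validation server's one-use rule. It goes slightly beyond the text in one respect: because the length of the YubiKey ID depends on the configuration, the parser takes the token as the last 32 characters and everything before it as the ID, so it accepts IDs longer or shorter than 12 characters. The `ReplayGuard` class and `infer_mode` function are assumptions for illustration; the status strings mirror the Yubico validation protocol's OK / BAD_OTP / REPLAYED_OTP, and the sample presses are the ones quoted in the post.

```python
"""Parse YubiKey output, decode ModHex, and enforce one-time validation.

Added illustration, not Yubico's code. The sample presses are copied from
the post; everything else (class and function names) is assumed.
"""

# ModHex: the 16-letter alphabet the YubiKey types, chosen to be the same
# keystrokes on (nearly) every keyboard layout. Position = nibble value.
MODHEX = "cbdefghijklnrtuv"
TOKEN_LEN = 32  # 32 modhex chars = 16 bytes = one AES block


def modhex_decode(text: str) -> bytes:
    """Decode a ModHex string into bytes; raises ValueError on bad input."""
    if len(text) % 2:
        raise ValueError("odd-length modhex string")
    try:
        nibbles = [MODHEX.index(ch) for ch in text]
    except ValueError:
        raise ValueError("non-modhex character in input") from None
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def split_output(pressed: str):
    """Split one button press into (yubikey_id, token), both as modhex text.

    The token is always the last 32 characters; the ID is whatever precedes
    it. Accepts 32..64 characters, the range a YubiKey can emit.
    """
    pressed = pressed.strip().lower()
    if not TOKEN_LEN <= len(pressed) <= 64 or any(c not in MODHEX for c in pressed):
        raise ValueError("not a modhex YubiKey output of 32-64 characters")
    return pressed[:-TOKEN_LEN], pressed[-TOKEN_LEN:]


class ReplayGuard:
    """Stand-in for the validation server's 'an OTP validates only once' rule.

    It deliberately does NOT decrypt the token (that needs the AES key
    programmed into the device); it only shows the replay check that makes a
    static password unusable as an OTP.
    """

    def __init__(self):
        self._seen = set()

    def validate(self, pressed: str) -> str:
        try:
            _yubikey_id, _token = split_output(pressed)
        except ValueError:
            return "BAD_OTP"
        key = pressed.strip().lower()
        if key in self._seen:
            return "REPLAYED_OTP"
        self._seen.add(key)
        return "OK"


def infer_mode(presses) -> str:
    """Guess the slot's mode from several presses: same ID, varying token = OTP;
    same ID, same token = Static. Different IDs mean mixed devices/slots."""
    parts = [split_output(p) for p in presses]
    ids = {yid for yid, _ in parts}
    tokens = {tok for _, tok in parts}
    if len(ids) != 1:
        return "mixed"
    return "Static" if len(tokens) == 1 else "OTP"


# Sample presses quoted in the post (OTP-mode slot and Static-mode slot).
OTP_PRESSES = [
    "fuhkifhkhufbfdccgukghlbuinldkcndkrrluvedbthrhi",
    "fuhkifhkhufbfdvblbbleffckfhthjdgrgjrbtjbnnlhdl",
    "fuhkifhkhufbfdhgghncdchnkhrribnukccgurhtlgkfuf",
]
STATIC_PRESSES = ["fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu"] * 3


if __name__ == "__main__":
    yid, token = split_output(OTP_PRESSES[0])
    print("YubiKey ID:", yid, "->", modhex_decode(yid).hex())
    print("mode of OTP_PRESSES:", infer_mode(OTP_PRESSES))
    print("mode of STATIC_PRESSES:", infer_mode(STATIC_PRESSES))
    guard = ReplayGuard()
    for p in OTP_PRESSES[:1] * 2 + STATIC_PRESSES[:2]:
        print(guard.validate(p), p)
```

Running the script shows the OTP samples sharing one ID and differing tokens, the static samples repeating entirely, and the guard answering OK to the first presentation of any output and REPLAYED_OTP to every repeat, which is exactly why a static password is validated locally rather than sent to the validation server.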
The YubiKey can be reprogrammed to emit a static password of up to 64 characters, including alphanumeric characters. It can also be configured to emit a password of your own choosing of up to 16 characters.
The new YubiKey 2.0 has two configuration slots. These configuration slots work independently and can be programmed in any of the following four combinations:
1) OTP + OTP
2) OTP + Static
3) Static + OTP
4) Static + Static
When the YubiKey 2.0 is shipped, its first configuration slot is factory-programmed for OTP mode (which works with the online Yubico OTP validation server) and the second configuration slot is left blank. You can program configuration slot 2 of the YubiKey for static password mode.
From the Androsa Fileprotector website, it seems that it does not support the YubiKey OTP mode. However, you can configure your YubiKey for static password mode and use this static password as the password required for encryption/decryption in Androsa Fileprotector.
We hope this helps!