Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:39 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Tue Jan 20, 2009 8:06 am 
Offline

Joined: Tue Jan 20, 2009 7:47 am
Posts: 6
The previous personalizaton tool has ykUID field to specify "Unique (secret) Device ID". However, it seems that the new personalization tool does not have such field.

1. Is it correct there is no field for "Unique (secret) Device ID" anymore ?
2. If yes, what value is written by the new tool ? (it seems to be '000000')


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jan 20, 2009 12:59 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
The new personalization tool does not have the “ykUID” field to specify the "Unique (secret) Device ID". It is a design change and the value stored for the “ykUID” field in the YubiKey is “000000”.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jan 21, 2009 1:09 am 
Offline

Joined: Tue Jan 20, 2009 7:47 am
Posts: 6
I understand. Thanks for explanation.


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 04, 2009 2:57 pm 
Offline

Joined: Wed Mar 04, 2009 2:19 pm
Posts: 2
Hello,

I don't really get it, is the use of the Device ID in the encrypted string removed completly?

If that's the case, why so? It felt pretty natural to identify the unique device (like the name of the field says :-)).

Maybe I'm missing something, but in my mind I was going to use that ID as a part of the authentication mechanism.
I wasn't going to use a shared AES-key among multiple devices, but if I was, that unique id was certainly a crucial detail.

Thanks in advance.


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 04, 2009 7:50 pm 
Offline

Joined: Wed Mar 04, 2009 2:19 pm
Posts: 2
Yay, I'm some what more happy :-)

Tried using the linuxtool (ykpersonalize), where I could set the unique id, for example. Also, set a longer whatever-that-unencrypter-string that's prepended is called, then what the Windows GUI allows for.

So a revised question; What's the deal with all the inconsistencies? ;-)

(On a side note, not related to this thread, I couldn't compile it successfully on x86_64, it suggested me building one of the libs with -fPIC, which made it compile but always segfaults when you try using the tool.)


Top
 Profile  
Reply with quote  
PostPosted: Wed Apr 22, 2009 9:01 am 
Offline

Joined: Mon Mar 02, 2009 2:18 pm
Posts: 1
Location: Germany
I was just about to address the same issue. I have a usecase where i use one aes with several yubikeys and identify them with the secret id. But i guess that could be done with the public id too as long as the keys match the aes.

So if i got that right, the secret id will vanish in the future!?


Cheers Jochen


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 19, 2009 7:40 pm 
Offline

Joined: Fri Jun 19, 2009 6:06 pm
Posts: 31
plundra wrote:
Yay, I'm some what more happy :-)

Tried using the linuxtool (ykpersonalize), where I could set the unique id, for example. Also, set a longer whatever-that-unencrypter-string that's prepended is called, then what the Windows GUI allows for.


PLEASE do NOT remove the option to set your own 'secret' string :o

I use YK's in cooperation with client side certificates (CAcert signed ones). In my case, a client needs a (client side) certificate, a passprase and a YK which 'secret' matches a hash of the static data from the certificate. If I can't set the secret anymore, the link between the key and the certificate is broken..


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 22, 2009 1:50 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
The Secret ID field of the YubiKey is now used for validation of the OTP.

A new version of the Yubico Personalization tool for Windows (Beta) which allows to program the Internal User ID (Secret ID) and to add 10 MS, 20 MS and 30 MS intra-key pacing delay is now available for download. The installer and the user guide can be downloaded from:

http://www.yubico.com/developers/personalization/


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 22, 2009 3:32 pm 
Offline

Joined: Fri Jun 19, 2009 6:06 pm
Posts: 31
network-marvels wrote:
The Secret ID field of the YubiKey is now used for validation of the OTP.

A new version of the Yubico Personalization tool for Windows (Beta) which allows to program the Internal User ID (Secret ID) ...


I am happy to read that as of this release even Windows users can set their secret ID's again :) .

However, the first sentence puzzles me a bit. Has the factory programming been changed to include a Yubicom specific secret (and specific for that key, and random, one presumes?)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group