Yubico Forum

After some time of development together with customers, we now officially launch the OATH-HOTP enabled Yubikey.

The 2.1 firmware supports event-based HOTP in accordance with RFC 4226 with a selectable trunction length of 6 or 8 digits. Optionally, a identity can be generated in accordance with the openauthentication.org Token Identifier Specification.

The 2.1 firmware is backwards-compatible with existing firmware versions. The OATH mode is selectable per configuration which allows the Yubikey to have both Yubico OTP and OATH-HOTP in the same physical device.

At present, we do not have OATH support in our validation server. We've set up a Google Code project at http://code.google.com/p/mod-authn-otp/

The 2.1 Yubikey can be ordered via our webstore at http://www.yubico.com . We have also added some nice end-of-the-year special volume discounts.

With the best regards,

JakobE
Hardware- and firmware guy @ Yubico

If anyone is interested, I wrote a OATH validation server for Google App Engine. The requests to, and responses from the server are inspired by the Yubikey validation server. The code can be found here http://github.com/ghoff/oathotp

Cool - I'll check that out

Existing users can purchase Yubikey 2.1 at 30% discount during December. Use coupon code "30" when ordering.

Regards,

JakobE
Hardware- and firmware guy @ Yubico

As some users have noticed, Yubico has not been in the list of OATH Manufacgturer Prefixes (OMP). We were a bit late in registering our OMP, but now it's there.

Use prefix 'ub' with token type '00' for Yubikeys that have Yubikey IDs assigned to them. Example: Barcode id 00073405 becomes OATH Token Identifier ub0000073405.

Anyone testing OATH keys are free to use their own assigned Yubikey ID found on the barcode sticker. For testing purposes, use token type 'vv', which won't be used for any keys assigned by us.

Regards,

JakobE
Hardware- and firmware guy @ Yubico

Hi There,

Does anyone have any working PHP code for OATH HOTP? Some examples I found on php.net do not correspond to what is being generated by my OATH YubiKey.

Thanks!

A quick Google search revealed the following PHP based OATH-HOTP authentication server. Please note that we haven't tested it's functionality.

http://code.google.com/p/php-auth/

Hi network-marvels, thanks for the quick reply.

That code uses the same algorithm I've tried before, the issue is that the numbers generated by this algorithm do not correspond to the numbers generated by the Yubikey. I have a pure Java implementation for OATH-HOTP and it does correctly correspond to the Yubikey numbers so I am not sure what is going on with the PHP implementation.

Thanks.