Yubico Forum https://forum.yubico.com/ |
|
yubikey OTP failure (erasure from server)? https://forum.yubico.com/viewtopic.php?f=16&t=1323 |
Page 1 of 1 |
Author: | lusich [ Mon Feb 24, 2014 4:04 pm ] |
Post subject: | yubikey OTP failure (erasure from server)? |
i was wandering if anyone can help shed some light on this... i have purchased some yubikeys, and have used the personalization tool to program them for yubico OTP verification. I registered the keys with the yubico OTP server, and verified that they work. I then used the keys successfully for over a week, being able to verify them against the yubico OTP system. Then yesterday (02/23/2014) at about 5pm, none of my yubikeys would verify against the yubico OTP anymore. I kept getting an error back, and was not able to use the yubikeys. I went to the demo yubikey test webpage, and none of the keys worked. (Which i find really strange, since they worked fine all week). I then reprogramed them with the personalization tool again, and registered them again with yubico, and then they worked again. Why have they failed though? How is it possible that all my yubikeys that I successfully programed, registered, tested and used for a week all of a sudden failed to authenticaate against the Yubico OTP server? This sort of scared me. I was luckily at home and able to reprogram them rather quickly, but if I were on the road somewhere, I would be unable to access my accounts, which would be a disaster. Is this a common occurrence? Has anyone else experienced this? |
Author: | Tom [ Tue Feb 25, 2014 9:33 am ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
Hello, Lusich, this is first time we hear something like you describe. One Yubikey failing (even if rare) its a possibility but multiple Yubikeys failing at the same time lowers the probabilities of this event close to zero. Are you sure the Yubikeys were not touched (or badly reconfigured by you or some else? ) Are your Yubikeys protected with access control code? Which version are your Yubikeys? Firmware version and model. We would like to investigate more on this: contact support@yubico.com and provide them with: - order_id - serial number of the Yubikeys - if you wish ask for warranty replacement as you are covered by 2 years warranty. You will have to ship the Yubikeys back to our office for us to test them. Regards, Tom. |
Author: | lusich [ Tue Feb 25, 2014 3:04 pm ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
hello, thank you for your response. I purchased the yubikeys from http://www.collectivesoftware.com/ They are (three) white yubikeys with firmware 2.4.1. I programmed them with Yubikey Personalization tool, version 3.1.11, library version 1.14.1. I programmed them on 02/14/2014 (at 10:43am) one after another through "advanced" OTP function. I registered them with the yubikey server. Then I tested them through the demo page and they were successfully recognized. They all had the "vv" prefix. I use them to log into lastpass. I used them successfully for over a week, even on Sunday morning. Then on Sunday afternoon, I could no longer login to lastpass. I kept getting an error. I tried to re-register them with lastpass, but they would come back as invalid. So then I went back to the demo-test page, and none of them could be validated. This was true for all three yubikeys. At the same time, some other yubikeys that I own were able to validate without a problem...even the ones with an old version of firmware 2.2.3 (that I also programmed for OTP myself, using the same method as described above). The yubikeys were in my possession the entire time (two were in a box in a closet). I did not use them for anything other than lastpass login. Yet, about a week into the first use they all inexplicably failed. I reprogrammed them, and reregistered them, and now they work fine again. They are not "password protected". However, noone (including myself) did anything to them. I can send you the configuration excel file for the three yubikeys from, 02/14/2014. I unfortunately did not copy the error explanation from the demo page. |
Author: | Tom [ Tue Feb 25, 2014 3:27 pm ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
Do you happen to remember the previous public id, assigned to these 3 keys? (the old non-functioning public IDs) |
Author: | lusich [ Tue Feb 25, 2014 3:46 pm ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
Here: vvccccbufetb vvlcvctciibi vvkulcnluirl I can send additional data on the configuration since i saved it. I will also give you the serial numbers later today. |
Author: | Tom [ Tue Feb 25, 2014 4:18 pm ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
What kind of error did you get with those 3 ID? do you remember ? I would recommend you to have your Yubikeys replaced under warranty. |
Author: | lusich [ Tue Feb 25, 2014 8:29 pm ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
quick question -- if i were to reprogram a yubikey, using the same parameters (that were saved in the .csv file) for Yubico OTP -- would this then become an exact clone of the previous yubikey, giving out the same OTP string? if so, I could quickly reprogram one of the keys with the saved information, and see if the OTP string still doesn't get recognized. I could then give you the exact error that I receive on the website. |
Author: | lusich [ Tue Feb 25, 2014 10:52 pm ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
It failed again -- all three of them. Two of them were in a locked box in my house, and one on my keychain. They worked fine yesterday. So here are the serial numbers: 1983441 1983442 1983440 Here is the output of the error: Parameters tab=one-factor mode=one-factor key=vvukfjckguvnhchkrvhehkvkrjhhenctvlubkcghvutn identity=vvukfjckguvn Authentication Output h=DmEync9YxMqw61XBINr+y35JR2k= t=2014-02-25T21:41:02Z0602 otp=vvukfjckguvnhchkrvhehkvkrjhhenctvlubkcghvutn nonce=49c379bfadef7d892061cd0f9da5b5dc status=REPLAYED_OTP Parameters tab=one-factor mode=one-factor key=vvtjrlggcregbhkrikrhccdevfhlujivvurvhflterlv identity=vvtjrlggcreg Authentication Output h=+cDQvNTbVVW6jMyc6+hjkBwAvok= t=2014-02-25T21:43:29Z0880 otp=vvtjrlggcregbhkrikrhccdevfhlujivvurvhflterlv nonce=a7d7bd0f53740c9e6a9d63604788a486 status=REPLAYED_OTP Parameters tab=one-factor mode=one-factor key=vvudvheebgkbfdtjrdkfnulugugfincigvehkjdhkbhe identity=vvudvheebgkb Authentication Output h=rf2FkI4wf971sspglNgxDX1Vpw8= t=2014-02-26T00:15:18Z0990 otp=vvudvheebgkbfdtjrdkfnulugugfincigvehkjdhkbhe nonce=830453c9935baef9664e80b06eca9d0c status=REPLAYED_OTP It might look like the OTP was stolen or something, but I don't see how. The rest of the keys I own, work fine. |
Author: | Tom [ Wed Feb 26, 2014 9:11 am ] |
Post subject: | Re: yubikey OTP failure (erasure from server)? |
Hello, Please contact your re-seller and apply for a warranty. These 3 Yubikeys are affected by a known issue, and they will keep failing after sometime you reprogrammed them. We apologize for the inconvenient you have been experiencing. |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |