| Yubico Forum https://forum.yubico.com/ |
|
| Economic life span of Yubikeys https://forum.yubico.com/viewtopic.php?f=35&t=2682 |
Page 1 of 1 |
| Author: | rpeeters [ Wed Jul 26, 2017 12:26 pm ] |
| Post subject: | Economic life span of Yubikeys |
What should we take as economic life span for Yubikey 4's? Taken formally it would be the time the manufacturer warrants proper functioning, so 1 year. That would mean that business cases that utilize this, have to replace ALL keys after that 1 year. Somehow that doesn't seem correct. Any ideas or even better formal statements on economic life span? |
|
| Author: | techwg [ Tue Sep 26, 2017 12:33 pm ] |
| Post subject: | Re: Economic life span of Yubikeys |
Well as a user who has watched several Yubico videos and webcasts or what ever they are. They are solid state, have no moving parts and I have heard them say on more than one occasion that even the very original Yubikeys that were first created have not died en-mass. My own Yubikey with firmware v2.2.2 I have had since 2011 and it still works. Granted, I have not used it every single day for the last several years but I had used it quite a bit for static password and windows login capacities. It still works as good as the day I bought it, well, for the capabilities it has since it's an older model. I only bought the new Yubikey 4 to experiment with making more use of a Yubikey such as windows login, PGP encryption and signing, Yubico one time passwords and the time based ones you normally use the google authenticator for which I have several programmed into my YK4. However, I have my PGP key backed up securely and I have added the same secret key challenge-response to my old Yubikey so that I can still loginto windows if my new one were to get hit by a meteor and be destroyed (because I think that is what it would take to break these things...) EDIT: Speaking of life span, what is the limit of the counter on Yubikey 4 OTP? Years ago I recall reading somewhere that they rolled around once they reached the limit and essentially were useless because everything would be a replay or what ever because the "new" lower counts had already been seen. How is this handled? If I use my Yubikey 1000 times day, will the built in factory OTP in slot 1 just stop validating at some point? |
|
| Author: | My1 [ Tue Oct 31, 2017 10:08 pm ] |
| Post subject: | Re: Economic life span of Yubikeys |
The Idea of how they handle counters is intresting so let's see. https://developers.yubico.com/OTP/Speci ... tocol.html according to spec we have 2 counters. a session counter (I call it SC for now) which goes up each time you plug this thing in and use it for the first time. and a session use counter (UC) which goes up each touch but resets when the key loses power. now we have 8 bit (1 byte) for UC meaning 256 uses on each power cycle maximum until the key either has a problem or just ups the session counter. problem is we have 16 bit (2 byte) for SC, which means we have just 65536 sessions at maximum until we have a problem. now if you use the yubikey 8 times a day for yubi-OTP and pull it out each time, we have about 22 and half a year to spend. now if you would do that a hundred times each day (each quarter of an hour) it's over in 1 year and 9 and a half months, although that is far from realistic. if you happen to use it a thousand times on a day on the same device, you are gonna need 4 sessions (almost 45 years of life) so that's gonna last a while, although I think just using one 4 or even 3 byte (16 million) counter would have been nicer instead of this session/use counter system, as this is dropping a lot of numbers. with 3 bytes as counter and not dropping any numbers for the 1000 tries per day you have almost 46 years. |
|
| Author: | LD2gIlShWrA2J9qFcwS5 [ Wed Nov 01, 2017 2:57 am ] |
| Post subject: | Re: Economic life span of Yubikeys |
This observation is purely anecdotal. I had a pair of earlier Yubikeys ... and purchased a pair of "4s" as soon as they became available in late 2015. (And FWIW those earlier keys STILL are in-service as backups themselves) As to "new" 4s ... one is kept in a drawer as a "alternate" ... while my Primary has been on a keyring along w/ nine (9) metal keys ... bouncing around every day in my pants pocket for two years ... along w everything else which tends to end up in pockets (loose change, small hand-tools, etc). While it's never been thru the washer+dryer; nor has it been left out exposed to the direct sun and weather ... ... it IS still performing daily after a non-stop dose of reasonably-expected "wear-and-tear" over a 2-year period. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|