Yubico Forum
https://forum.yubico.com/

[SUGGESTION] Allowing longer static passwords
https://forum.yubico.com/viewtopic.php?f=12&t=1244

Author:  max13 [ Mon Dec 02, 2013 12:59 pm ]
Post subject:  [SUGGESTION] Allowing longer static passwords

Hello !

I have a useful suggestion which I care a lot about: Allowing longer static passwords.

I've seen that static passwords can be up to 64 characters, and unfortunately, without OTP it's downsized to 38... I wanted to use a slot of my Yubikey to input "Private keys" (RSA key for instance), and for testing purposes (of the concept) I'm writing an app which takes a private key as input (Base64) and outputs the public key. The thing is that the minimum strength of a private key is 32bits, which outputs 65 characters (Base64).

If I suppress the padding char (=) I can have 64, and even 63 chars, which fits in the 64 chars limit of the yubikey BUT... It's limited to 38 characters...
The suggestion is to allow static password or static "text" up to 2000 characters (~1600 chars for RSA 2048bits) or even up to 3000 characters (~3100 chars for RSA 4096bits), which will also make the yubikey a PKI hardware token too ;)

Author:  Morphlin [ Tue Mar 18, 2014 9:13 pm ]
Post subject:  Re: [SUGGESTION] Allowing longer static passwords

Yes! This would indeed be good.

The NSA probably prevents Yubico from doing so though.

Author:  Tom [ Wed Mar 19, 2014 10:43 am ]
Post subject:  Re: [SUGGESTION] Allowing longer static passwords

Unfortunately NSA has nothing to do with it, just the math:

public identifier 32 char modhex is 16 bytes (scancode symbols)
the AES secret 16 bytes
private identity 6 bytes

It's a space limitation within the Yubikey, but we will note your suggestion.

Author:  max13 [ Wed Mar 19, 2014 11:05 am ]
Post subject:  Re: [SUGGESTION] Allowing longer static passwords

Tom wrote:
It's a space limitation within the Yubikey, but we will note your suggestion.


Of course, by "Allowing" I was talking about maybe manufacturing a new product (a hardware token by Yubikey would be a nicer product than currently available hardware tokens).

All times are UTC + 1 hour