Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:43 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2, 3  Next
Author Message
 Post subject: Static Yubikey How to...
PostPosted: Sat Nov 15, 2008 5:15 pm 
Offline

Joined: Sat Nov 15, 2008 5:08 pm
Posts: 1
Hi there ... i would use my Yubikey that it only do one static key.
how i can perform this?
and how to configure it?
is it possible to remove the enter keystroke at the end?

My targed is to only have a 20 or more digit long static password. i know if i lost the key i cant recognize.
pls tell me a way to do this. i havent found a solution only that yubikeys shipped after july allow it. my yubikey was shipped on 7. October


thanks mike


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Nov 25, 2008 1:13 am 
Offline
User avatar

Joined: Fri Nov 21, 2008 12:05 am
Posts: 1
snapo wrote:
Hi there ... i would use my Yubikey that it only do one static key.
how i can perform this?
and how to configure it?
is it possible to remove the enter keystroke at the end?

My targed is to only have a 20 or more digit long static password. i know if i lost the key i cant recognize.
pls tell me a way to do this. i havent found a solution only that yubikeys shipped after july allow it. my yubikey was shipped on 7. October

thanks mike


You can get a Yubikey that generates static passwords from the store:

http://mashedlife.com/make_key.php

Cheers

_________________
10 Dreams Come True at:
http://mashedlife.com/dream2.php


Top
 Profile  
Reply with quote  
PostPosted: Sat Jan 03, 2009 2:05 am 
Offline
User avatar

Joined: Sat Jan 03, 2009 1:56 am
Posts: 2
I recently purchased a yubikey for the purpose of generating a static random password. However, it seems that the directions on how to change the yubikey from a one-time-password generator into a static password generator are less than easy to understand. The original question presented in this thread seemed to ask the same questions that I have, but have not been answered.

For those of us that have purchased a regular yubikey, how do we go about converting it into a static password generator. Please be specific for those of us that have already downloaded the yubikey configuration SDK, but are pretty clueless when it comes to programming in C++ or Visual Basic.

To summarize my question, are there simple directions available for converting a regular yubikey into a static password generator?

_________________
JD
MBA


Top
 Profile  
Reply with quote  
PostPosted: Sat Jan 03, 2009 3:19 pm 
Offline

Joined: Sat Jan 03, 2009 3:17 pm
Posts: 1
Just got my yubikey

Really want to use it as a staic password.

Please could someone write a step by step guide. Like the post before I would like just a simple guide on how to set this up.

Regards

Simon


Top
 Profile  
Reply with quote  
PostPosted: Mon Jan 05, 2009 11:30 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
Thanks for your valuable suggestion. We would definitely provide a step by step guide for Yubico Personalization tool ASAP.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jan 08, 2009 2:51 am 
Offline

Joined: Fri Jun 20, 2008 2:59 am
Posts: 84
IMO the personalization tool is very hard to understand since it exposes all kinds of very technical details about the key without explaining them or talking about what combinations you can use them in.

There are a lot of details, too, about how the yubikey does static passwords that are very non-intuitive to casual users.

Therefore, here is my solution. A script for everyone (on windows) to examine and use:
http://s3.collectivesoftware.com/statickey.wsf

Here is a copy of the instructions (also available inside the script source)
Code:
StaticKey version 1.0
Copyright(c) 2009 Collective Software, LLC
Free to use for the yubikey community, in the hopes it will be useful.

A simple "static password" yubikey programmer for Windows Script host.
It produces a 64 character password, with 256 bits of true complexity.

You need to have the yubikcom.dll registered.  This can be done by
installing the so called "personalization tool" from
http://www.yubico.com/developers/personalization/

Simple usage:
* Install the "personalization tool" (see above)
* Make sure you understand that you are deleting the old yubikey data!
* Plug in your yubikey
* Launch script
* Enter a 64 character hexadecimal string as can be found at:
   https://www.grc.com/passwords.htm
* After the key is programmed, touch the green ring to see the static
  password. 
   
There are two things you should understand about what your static
passwords will look like:

1)
Yubikeys always talk in the language of "modhex" which is similar to
normal hexadecimal, except instead of:
   0123 4567 89ab cdef
it uses the characters:
   cbde fghi jkln rtuv
So no matter what you enter for the input, the output will always look
like modhex.

2)
The first 32 characters of the static password will be a simple modhex
transcription of the first 32 characters of your input string.  BUT the
last 32 characters will be the result of an AES encryption operation.
They will be the same every time, because all the inputs to the AES
operation are the same (static).  But they are not a literal copy of
your exact input characters. 

For example, for the input string:
   0000000000000000000000000000000000000000000000000000000000000000
the static password generated is:
   ccccccccccccccccccccccccccccccccncejelrjvjvvciclerknrlihnteljrcb
You see the first half is all "c"s, which is modhex for "0".  But the
last half is changed because of the AES.  This is not a "feature" or
a "bug".  The AES operation does not add or subtract any security in
this situation, since it produces the same static result each time. 
It is just an artifact of the way yubico programmed their firmware.
   
Other details:

This programmer is completely deterministic and it does not add any
randomness or complexity to your password beyond the 64 characters you
enter.  Entering the same value many times will produce identical static
password'ed keys (this is considered a feature).  So it is IMPORTANT
to get a VERY RANDOM entry string so you will be as secure as possible. 
Get your string from https://www.grc.com/passwords.htm or some other
source of strong randomness.  Do not just type stuff from your keyboard.

If you want to remove the "enter" key from the end of the password entry
sequence, comment out the line:
   yk.ykFlagProperty(5) = true;
by adding two slashes // in front of it. 

If you want it to be a "tab" instead of an "enter", change the line to
   yk.ykFlagProperty(2) = true;


Top
 Profile  
Reply with quote  
PostPosted: Sun Jan 11, 2009 1:47 am 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
Thanks, Ferrix for this description.

As mentioned earlier, the "tools" you're refering to is not really a tool. It is just a barebone boilerplate code example on how to use the Yubikey configuration component.

For some reason which is kind of hard to recall, we've never made a proper configuration tool available.

But - we are just about to release two, both as binaries and with source.

a) Windows GUI tool, simple to use with a self-explanatory step-by-step Wizard-like guide. Based on the COM component. Will be included in that package.
b) LibUSB text-mode plain-vanilla C version to be portable between Linux, MacOsX and Windows.

Please have patience - it is not very far away

Regards,

Jakob E
Hardware- and firimware guy @ Yubico


Top
 Profile  
Reply with quote  
PostPosted: Fri Jan 16, 2009 4:51 pm 
Offline
Site Admin
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
Source for the libusb variant is now available, please see:

http://yubico.com/developers/personalization/

This will make it easier for GNU/Linux users to personalize yubikeys at least.

/Simon


Top
 Profile  
Reply with quote  
PostPosted: Mon Jan 19, 2009 7:40 pm 
Offline

Joined: Mon May 19, 2008 6:06 pm
Posts: 2
@Simon: Sorry for bringing this up, but I can't get the personalizing tool to run/compile. I tried to compile it on a Mac with OS X as - I guess you said seems to work for some people. I get an error during
Code:
make
, that libusb is not available; sure it isn't ;-) I then downloaded it, although I did not know from which source, so I picked
Code:
libusb.sourceforge.net
. But then I didn't know how to proceed.

So maybe a general question for all guys who could make it run/compile it on a Mac. I would appreciate every idea and solution.


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 04, 2009 3:46 pm 
Offline

Joined: Wed Feb 04, 2009 4:33 am
Posts: 9
Hi,
I am really new to this whole Yubikey thing and there are somethings I need to understand and get done. The first way I want to use the key is in static mode to generate the same password every time. First question is can I put in my own password like if I wanted to use one of GRCs super long passwords, instead of having the key create it automatically? Second question is can I have more than one key using the same passwrod? We have 4 other guys in Tech and we will all need to have those keys when on the road

Thanks for the help.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page 1, 2, 3  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group