Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 8:14 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 8 posts ] 
Author Message
PostPosted: Thu Dec 30, 2010 5:15 am 
Offline

Joined: Thu Dec 30, 2010 5:04 am
Posts: 1
Is it possible to replace the paypal security key with the yubikey in OATH-HOTP mode set for 6 digits?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sat Feb 05, 2011 1:35 am 
Offline

Joined: Sat Feb 05, 2011 1:29 am
Posts: 8
I'm curious about this one, too...


Top
 Profile  
Reply with quote  
PostPosted: Mon Feb 14, 2011 10:42 pm 
Offline

Joined: Mon Nov 22, 2010 4:02 pm
Posts: 14
Location: Germany
Hi there,

very obiously it is not possible due to two facts:

1. it depends on paypal what backend they are using. So the question is, if they would support the yubikey, integrate and chip it.

2. Paypal uses verisign keys, which are not oath compliant but use some unknown 3DES algorithm to calculate the one time password

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 15, 2011 10:26 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
Since quite recently - yes you can.

http://www.yubico.com/vip

At present, the keys are sent out pre-configured so current keys cannot be updated with a valid VIP key. We'll see what the future will give us ;-)

Best regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
PostPosted: Tue Feb 15, 2011 11:33 pm 
Offline

Joined: Mon Nov 22, 2010 4:02 pm
Posts: 14
Location: Germany
Only learned about it today...

So good to hear, that this is possible with a well defined algorithm...

What about the HMAC key - I guess it is transferred to symantec in a secure manner.
Would it be possible to also get the hmac key, so that one could use the OATH token also with other applications?

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Thu Feb 17, 2011 7:38 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
The HMAC key is proprietary to Symantec so that cannot be retreived.

However, the second configuration is open for your own needs so please feel free to assign your own HMAC key there to be used with other applications.

Best regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
PostPosted: Thu Feb 17, 2011 9:13 pm 
Offline

Joined: Mon Nov 22, 2010 4:02 pm
Posts: 14
Location: Germany
Dear Jakob,

what does proprietary to symantec mean. Does Yubico generate the HMAC and ship it to symantec or is it vice versa?
Or does symantec generate the HMAC, store it to the yubikey and ship the yubikeys (via you?)
This would make sence - since I think they (former verisgn) are running the backend?

Kind regards
Cornelius


Top
 Profile  
Reply with quote  
PostPosted: Sat Feb 26, 2011 5:58 am 
Offline

Joined: Sun Jan 02, 2011 4:35 pm
Posts: 7
As the page at http://www.yubico.com/vip suggests, please do check with PayPal before purchasing one if you intend to tie it with PayPal.

Besides Denmark, APAC is not covered under PayPal VIP program according to PayPal Customer Service. It looks like only US, Canada, and limited European countries are under VIP coverage.

On the other hand eBay works with my VIP token from my APAC account, but then it is another device not Yubikey, so I can't be sure the VIP-enabled Yubikey works as well for Asian countries.

It will be great if PayPal supports VIP globally ;)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group