Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:10 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Sat Dec 18, 2010 1:06 am 
Offline

Joined: Sat May 08, 2010 2:36 pm
Posts: 6
simple guide is there one?

I can make it 32 chars on 2 keys same.

How can I make it 16 chars?

step by step video would be good?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Jan 17, 2011 9:57 am 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
YubiKey 2.X has two configuration slots. When the YubiKey 2.X is shipped, it's first configuration slot is factory programmed for OTP mode (which works with online Yubico OTP validation server) and the second configuration slot is left blank i.e. not programmed. The two configuration slots of the YubiKey work independently and each can be independently reconfigured into OTP or static password mode.

You can use the latest Yubico configuration utility (version 2.2) to reprogram the second configuration slot of your YubiKey. That will allow you to use your 1st configuration slot with Yubico servers and the second slot for your other purposes (TrueCrypt in your case).The latest Yubico configuration utility and the user guide can be downloaded from the following link:

http://www.yubico.com/personalization-tool

YubiKey 2.x can be reprogrammed for two types of static password modes, first is long static password mode and other is scan code mode. And in both modes two YubiKeys can be reprogrammed to emit the same static password.

    1) Long static password mode:

    The latest YubiKey 2.x provides an interesting feature called "Strong password policy" where we can program the YubiKey to generate very long static passwords with upper, lower case letters, numbers and an "!" special character. We need to use the new Yubico configuration utility to utilize this feature.

    For using this feature and reprogramming two YubiKeys with the same long static password follow the steps given below:

      1. Insert the first YubiKey to the USB port and start the YubiKey Configuration Utility
      2. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
      3. Choose "Advanced" mode and select the appropriate number of characters
      4. Select "Use a public identity" and from the "Public ID string update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "Public ID string" and click on Next
      5. Select "Use a private identity" and from the "Private ID string update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "ID string" and click on Next
      6. From the "Key update scheme" select "Fixed value" and click on "Single rand" button. Copy the value which is populated in the "Key (128) bits" and click on Next
      7. From the "Specify output parameters" screen, select the options provided under the "Strong password policy" and remember which options are selected
      8. From the "Specify configuration protection" screen, select the appropriate option
      9. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run
      10. Now, insert the another YubiKey
      11. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
      12. Choose "Advanced" mode and select the appropriate number of characters
      13. Select "Use a public identity" and from the "Public ID string update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
      14. Select "Use a private identity" and from the "Private ID string update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
      15. From the "Key update scheme" select "Fixed value" and provide the value which was copied while reprogramming the first YubiKey and click on Next
      16. From the "Specify output parameters" screen, select the options provided under the "Strong password policy" which were selected while reprogramming the first YubiKey
      17. From the "Specify configuration protection" screen, select the appropriate option
      18. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run

    Please also note that the static password emitted from the YubiKey when configured in "Advanced" static YubiKey configuration mode cannot be set by the user. The Static password is generated as a result of an encryption function involving the AES key and YubiKey parameters.

    2) Scan code mode:

    You can use the "Scan code mode" feature available under the static YubiKey configuration of the YubiKey configuration utility to program the YubiKey 2.0 to emit your own password (of up to 16 characters in YubiKey 2.1.2 and up to 38 characters in YubiKey 2.2) containing alphanumeric characters.

    For reprogramming two YubiKeys with the same Scan code mode static password follow the steps given below:

      1. Insert the first YubiKey to the USB port and start the YubiKey Configuration Utility
      2. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
      3. Select the "Scan code mode" option
      4. In the same screen enter your desired password in the "Scan code input" field and remember this password
      5. From the "Specify output parameters" screen, select the appropriate parameters (All parameters are optional)
      6. From the "Specify configuration protection" screen, select the appropriate option
      7. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run
      8. Now, insert the another YubiKey
      9. Select the "Create a static YubiKey configuration (password mode)" from the Select task screen
      10. Select the "Scan code mode" option
      11. In the same screen enter the same password that you have used while reprogramming the first YubiKey in the "Scan code input" field
      12. From the "Specify configuration protection" screen, select the appropriate option
      13. From the Programming screen, select "Write to configuration 2 (YubiKey 2 only)" and click on Run

We hope this helps!


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 09, 2011 8:31 pm 
Offline

Joined: Wed Feb 09, 2011 1:32 am
Posts: 2
Location: Chile
Hi samir: I followed your tutorial with a 2.2.x yubikey, but still doesnt quite do static password, in fact it does generate a very long strong password, but only around the first 32 chars are static, all the rest are random.. I did checked if it was programmed correctly and what is emitting is NOT an OTP.

For example :

First long press

!N62Jlcdcrftutftrtbfgkrblenrntbdlcgbtdfiddcrj

second long press

!N62Jlcdcrftubffrnfthuvffgdtlfregghuccbrcjvec

(I dont care if this passwords are made public ;) )


Top
 Profile  
Reply with quote  
PostPosted: Wed Feb 09, 2011 9:16 pm 
Offline

Joined: Wed Feb 09, 2011 1:32 am
Posts: 2
Location: Chile
Meh, I tried again, but this time, first deleting the 2nd configuration and then following the steps and it worked, it doesnt work overwritting though.

It seems to be a bug in the personalization tool-.


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 21, 2011 8:04 pm 
Offline
User avatar

Joined: Mon Nov 21, 2011 7:24 pm
Posts: 3
Location: Belgium
Nice, thanks for the help, but this text guide posted above looks very dangerous to me.

I just got my yubikey and I want to keep slot 1 as it is, and reconfigure slot 2 for a statis password.
But I'm too afraid to accidently override slot 1 with something I can't recover from.
Seems like it's very easyily done to overwrite the OTP factory default password... I don't even dare to click on 'set static password' in the tool...

The guides and userguides all explain things that I don't see on the personalization tool... I really need some clear, simple help on setting a static password on slot 2.

Can anyone help to point me to a video, or clear user guide?

greetings
strim


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group