Yubico Forum

I'd like to use my YubiKey to emit a 64 character password with the highest level of entropy / security.

Whilst programming a static password using the configuration utility and personalization tool, I found out that it is unfortunately not possible to use a string over 32 characters.

With the help of this forum, I stumbled upon a script called StaticKey which seems to be able to program a password with 256 bits of true complexity.

I have 2 questions regarding this approach:

1. Can someone please provide instructions on how to invoke this script? It fails to open with error code "Automation server can't create object"


2. Is this script considered to be the best way to accomplish my goal, programming YubiKey to emit 64 character password with the highest level of entropy / security?

Bump.

Hello,

Please find the steps below on how to write a 64 character static password using the "Cross Platform Personalization Tool":

Goto the "Cross Platform Personalization Tool" >> select Static Password Mode >> click on "Advanced" >> select the configuration slot >> Goto "Password Parameters" section >> enter Password Length as 64 in the box or use up or down arrow to select appropriate length.

Click on "Generate" button for generation of Public Identity, Private Identity and Secret Key.

And finally click on the "Write Configuration" button to write the setting to the YubiKey slot.

Hope this helps!

Thanks and best regards,
Samir.

This doesn't help me any further.

Unfortunately, it is not possible to set your own 64 character password. I read several concerned reports of Yubico's implementation of the static passkey.
Because I want to have the key as safe as possible, I would like to compare the generated key from StaticKey with the one from the "Cross Platform Personalization Tool".

Hello,

YubiKey supports two modes for static password viz. a) scan code mode and b) advanced mode (both described below FYI).

As per your description in previous mail, we recommend you to use 'Scan Code mode' for configuring YubiKey in staticpassword mode.

a) Scan Code mode:

In static password - scan code mode of the YubiKey, you can program your own static password that can consist of up to 38 alphabets, digits and special characters. Please note, functioning of this mode is dependent on the keyboard layout and currently only QWERTY US English layout is supported.

To program YubiKey in Static Password - Scan code mode:
a) start the Cross-platform personalization tool and select "Static Password" option from the menu
b) click "Scan Code" button
c) select the configuration slot you want to program
d) type the password you would like the YubiKey to emit in the "Password" box
e) insert a YubiKey and click "Write Configuration"

b) Advanced mode:

In the advanced mode you can emit a static password of up to 64 characters. In this mode, you cannot directly set the static password string. Instead, the static password is generated as a result of an encryption function involving the Secret key and YubiKey Public and Private ID parameters provided at the time of programming the YubiKey. The output in the advanced mode is in “modhex” format (a variant of hex format) that supports most standard keyboard layouts. You also have options to emitpassword as a combination of Upper and Lower case letters, alphanumeric and/or include '!' character as the first character of the output. Please note, these options (for Upper/Lower case and alphanumeric) apply to only first few characters of the output in this mode.

Hope this helps!

Thanks and best regards,
Samir.