Yubico Forum https://forum.yubico.com/ |
|
Usage Counter https://forum.yubico.com/viewtopic.php?f=16&t=464 |
Page 1 of 1 |
Author: | votality [ Tue Jan 19, 2010 4:25 am ] |
Post subject: | Usage Counter |
Hi, Is it possible to determine if a yubikey has been used since you last used it ? i.e you could remember the usage counter ... then when you use it again if the usage counter has incremented you know that someone else has used your key... ofcourse this wont help if you leave it plugged in... but this wouldnt be the case for me... (however im unsure if the usage counter can be read from the device) I will be using it in an environment where its possible at times the device will be insecure.. Votality. |
Author: | network-marvels [ Tue Jan 19, 2010 11:30 am ] |
Post subject: | Re: Usage Counter |
YubiKey is write only device. Information can only be written to the YubiKey and it can not be read. As no information/counters can be read from the YubiKey, it is not possible to determine/read the current values of it's usage counters. |
Author: | votality [ Tue Jan 19, 2010 12:29 pm ] |
Post subject: | Re: Usage Counter |
I thought that was the case... |
Author: | votality [ Sat Jan 23, 2010 1:46 pm ] |
Post subject: | Re: Usage Counter |
would yubico ever consider maintaining a log of possibly authentication request times and possibly ips.. this could be opt in of course .. i.e yubico doesnt log unless you ask... and it only maintains a month of history... the user can then use their yubikey to login and retrieve the log... would anyone else find this useful? I would ! |
Author: | odinsdream [ Wed May 04, 2011 8:27 pm ] |
Post subject: | Re: Usage Counter |
Quote: YubiKey is write only device. Information can only be written to the YubiKey and it can not be read. As no information/counters can be read from the YubiKey, it is not possible to determine/read the current values of it's usage counters. This isn't correct. Part of the OTP is an incremental counter. You would need to know your device's AES key in order to decrypt the OTP in order to extract the counter. If the counter is higher than you expect it to be, your key has been used since you left it alone. |
Author: | SnakeDoctor [ Wed May 11, 2011 7:57 am ] |
Post subject: | Re: Usage Counter |
Yubico could offer functionality to decrypt one of generated otp's if you submit 3 following otps which are first three for current session (aka yubikey has been just inserted, and generated 3 otp's). Or atleast part of it. |
Author: | niekie [ Fri May 13, 2011 12:18 pm ] |
Post subject: | Re: Usage Counter |
SnakeDoctor wrote: Yubico could offer functionality to decrypt one of generated otp's if you submit 3 following otps which are first three for current session (aka yubikey has been just inserted, and generated 3 otp's). Or atleast part of it. How about just using one token? See http://niekie.com/experimental/yubikey for a quick-and-dirty usage/session counter and timestamp reader from generated tokens. (of course, this'll only work for standard Yubikeys, and not those using a different authentication server) |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |