Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:30 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Sun Aug 30, 2009 7:32 am 
Offline

Joined: Sun Aug 30, 2009 7:22 am
Posts: 5
Hi, first time post and first time using Truecrypt 6.2a and YubiKey on a desktop running Windows XP SP3.

I formatted a Yubikey (version 2) for a static password and used it to create a password for encryption of a system partition. TrueCrypt accepts the key I put in with the YubiKey, I then create the Rescue disk and then go to the test phase. When the system reboots and asks for the password I insert the YubiKey and press the green circle. The YubiKey sends the password and true crypt does nothing. I hit enter and it says invalid password.

I have tried to make a static password with the YubiKey with the following formats all fail. Now TrueCrypt will accept the password when going through the process of setting up for an encrypted system partition but then upon the last step - test will not accept static password generated by the YubiKey .

YubiKey static password formats I have tried:
32 characters and 64 characters, using upper case and lower case characters.
Putting an enter cmd at the end of the password and not putting an enter cmd at the end of the password.

I believe I have followed the video found at the Yubico web site wiki - http://wiki.yubico.com/wiki/index.php/A ... :TrueCrypt

I did a search both here and at the TryeCrypt web forum and can not figure this out, any help would be greatly appreciated.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Sep 01, 2009 3:50 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We would appreciate if you can provide us following more information about the problem you are facing:

    1) Is the YubiKey not generating the static password at the pre-boot environment?
    2) Are you able to successfully reprogram the YubiKey for the static password mode?
    3) Are you setting the TrueCrypt password as the static password generated from the YubiKey?
    4) Does manually entering the static password emitted from YubiKey allows you to login to the system?

The answers to the above questions will help us debugging the problem you are facing.


Top
 Profile  
Reply with quote  
PostPosted: Tue Sep 01, 2009 10:42 pm 
Offline

Joined: Sun Aug 30, 2009 7:22 am
Posts: 5
1) Yes it is generating the static password. TrueCrypt is not accepting it.

2) I thought I was. I would test after reprogramming by generating the password from the YubiKey in a text file, checking to see that the same password was generated repeatedly. This was happening. Unfortunately I didn't know that once you unplugged the YubiKey and plugged it back it, it generates a different password until you unplug it again. So that was my problem. The static password would change every time I unplugged the YubiKey and reinserted it.

3) Yes. But as I explained in #2 the password changed every time I unplugged YubiKey and reinserted it.

4) No.

It is working now. I have the drive encrypted with TrueCrypt and the YubiKey grants access. What I did was not follow the manual and the video and simply reprogrammed the YubiKey for a OTP instead of a static password and it works fine now.

I'm guessing that I was missing a step or doing something wrong when reprogramming for a static password. I still don't know what I did wrong. But it works as a OTP


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 03, 2009 12:26 am 
Offline

Joined: Mon Aug 10, 2009 10:05 pm
Posts: 3
That's strange.... the OTP should fail. Truecrypt needs a static password since it has no server to validate against (whether it be Yubico's server, or one you have set up yourself), and the password on the encrypted volume should never change, unless you manually change it. Have I been reading this thread right?


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 03, 2009 2:47 am 
Offline

Joined: Sun Aug 30, 2009 7:22 am
Posts: 5
This is my first experience with Yubico's YubiKey. All I know is what I related in this thread. Its working now and it would not work in static mode. Now when I press the key on the YubiKey it sends the same password to TrueCrypt every time.

Now I'm sure I did a step wrong or missed something when I reprogrammed the YubiKey. A new step by step video for the version 2 YubiKey might help, I don't know.


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 03, 2009 6:24 am 
Offline

Joined: Mon Aug 10, 2009 10:05 pm
Posts: 3
TopDog wrote:
Its working now and it would not work in static mode. Now when I press the key on the YubiKey it sends the same password to TrueCrypt every time.


... But by definition, that is a static password. Are you sure the static password radio button wasn't pressed when you configured the key?

As for documentation on the Yubikey 2, I'm not sure a video exists, but there should be written documentation all over the forum.


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 03, 2009 7:02 am 
Offline

Joined: Sun Aug 30, 2009 7:22 am
Posts: 5
Yes and that only adds to my confusion as well.

Using the YubiKey configuration utility, Under the "Programming the YubiKey" I selected the first option:

Create a dynamic YubiKey configuration (OTPmode) and went on from there.


Top
 Profile  
Reply with quote  
PostPosted: Fri Sep 04, 2009 12:53 am 
Offline

Joined: Mon Aug 10, 2009 10:05 pm
Posts: 3
That's very strange... we could be here pondering that one for awhile. Good that it's at least working for you though!


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 16, 2009 11:59 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
Have you tried to slow down the OTP output rate ? Maybe the TrueCrypt input routine is a bit slow in polling the keyboard input buffer...

In the "Output parameters" panel of the configuration tool, check both the "Slow down character output..." boxes. This will throttle the output a bit.

Please let me know if this makes a difference.

Regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
PostPosted: Thu Sep 17, 2009 5:43 am 
Offline

Joined: Sun Aug 30, 2009 7:22 am
Posts: 5
JakobE wrote:
Have you tried to slow down the OTP output rate ? Maybe the TrueCrypt input routine is a bit slow in polling the keyboard input buffer...

In the "Output parameters" panel of the configuration tool, check both the "Slow down character output..." boxes. This will throttle the output a bit.

Please let me know if this makes a difference.

Regards,

JakobE
Hardware- and firmware guy @ Yubico


I bought two Yubikeys one to use as it came, for example logging into the forum. The other to test and learn with. It took days of messing with the one I'm using on a test computer to work with True Crypt. I will try what you ask when I have time to work with it again. Thanks for the input.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group