Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:44 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: New to the YubiKey!
PostPosted: Sun Jan 04, 2009 3:41 am 
Offline

Joined: Sun Jan 04, 2009 3:31 am
Posts: 2
Hello All,

Thanks for a producing a great product. I have a few questions. I'd like to use the Yubikey for my wpa2 password on my router. How does it know what password to use for what and where? How does it match the correct password with the correct website? How many passwords can I use with the key?

Thanks for your time & attention,


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: New to the YubiKey!
PostPosted: Mon Jan 05, 2009 11:05 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
We would appreciate if you can provide us with more information regarding your requirements. This will help us to provide you a possible solution.


Top
 Profile  
Reply with quote  
 Post subject: Re: New to the YubiKey!
PostPosted: Mon Jan 05, 2009 3:30 pm 
Offline

Joined: Sun Jan 04, 2009 3:31 am
Posts: 2
network-marvels wrote:
We would appreciate if you can provide us with more information regarding your requirements. This will help us to provide you a possible solution.
I would like to use my Yubikey to generate a password for my router. Now how does the Yubikey match the password that was generated for the router when entered on the client machines when a password is requested for the router to connect?


Top
 Profile  
Reply with quote  
 Post subject: Re: New to the YubiKey!
PostPosted: Thu Jan 08, 2009 4:59 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
YubiKey generates a 44 character long password every time, when the button is pressed. The 44 character password contains the following information:

The first 12 characters represent the ID of the YubiKey. Rest 32 characters represent the password (typically One Time Password).

YubiKey can be operated in one of the following two modes depending on the user requirement:

    1) One Time Password Mode:

    In the One Time Password (OTP) mode, every time when the user presses the button, YubiKey generates a 44 character long password which contains static “YubiKey ID” and a event based “One Time Password”.

    For Example:

    Observe the following OTPs generated from a YubiKey configured in “One Time Password Mode”

    fuhkifhkhufbfdccgukghlbuinldkcndkrrluvedbthrhi
    fuhkifhkhufbfdvblbbleffckfhthjdgrgjrbtjbnnlhdl
    fuhkifhkhufbfdhgghncdchnkhrribnukccgurhtlgkfuf
    fuhkifhkhufbfdfcicntcjjdjgchdgifgjebgrenugrfuk
    fuhkifhkhufbfdcrtefbtnnebvtuvhdthbrltvckergedl

    Here the first 12 characters (representing the YubiKey ID) of all the OTP are same. The next 32 characters (representing the One Time Password) are all different and generated based on event based OTP generation scheme of Yubico, thus resulting in a unique 44 character long password every time. This is the default mode of YubiKey.

    2) Static Password Mode:

    In the Static Password mode, every time when user presses the button, YubiKey generates a 44 character long password which contains static “YubiKey ID” and a static Password.

    For Example:

    Observe the following passwords generated from YubiKey configured in “Static Password Mode”

    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu
    fuhkifhkhunjfkjeegdcherbljkrdgvhhkllicgcuu

    Here the first 12 characters (representing the YubiKey ID) and the next 32 characters (representing the One Time Password) are randomly generated at the time of programming the key and always same when the button is pressed, thus resulting in a same 44 character strong password every time.

To validate the OTP generated by YubiKey (in “One Time Password Mode”), the OTP needs to be sent to Yubico Validation Server (or a locally hosted validation server). The Yubico Validation Server validates the OTP and if it is valid, provides “OK” status or else provides a negative status response.

As the OTP generated by YubiKey (in “Static Password mode”) is always same, there is no need to validate it against Yubico Validation Server. The password can be used as a conventional but strong password. This password is 44 characters long.

As your router presumably won’t be having any mechanism to send the OTP entered by user to the Yubico Validation server to validate the OTP, the conventional YubiKey (“One Time Password Mode”) can not be used for generating one time passwords for authentication.

In order to use the password generated from YubiKey as a router password, we need to first configure the YubiKey from “One Time Password” mode to “Static Password” mode.

Yubico provides a personalization tool for Windows (http://www.yubico.com/developers/personalization/) that can be used to configure YubiKey from “One Time Password” mode to “Static Password Mode”. Use this utility to configure your YubiKey to produce a fixed (randomized at the time of programming) password which you can use with the router. Please note that the Static password can not be defined by user. It is selected by YubiKey randomly, when it is changed from “One Time Password” mode to “Static Password” mode.

To use YubiKey to authenticate with your router, please follow the steps below:

    1) Configure your YubiKey from “One Time Password” mode to “Static Password” mode as explained above
    2) Set your router password as the static password generated from YubiKey

Note:

By reprogramming your YubiKey (as mentioned above), you will lose ALL abilities to use your YubiKey against Yubico severs - validation server, YubiKey management service, demo server, OpenID server and so on.
By using Yubico Personalization Tool you can break your YubiKey! If you program your YubiKey with a new AES key protected with a password, and forget both the AES key and password, there is no way to restore the YubiKey to a usable state.


Top
 Profile  
Reply with quote  
 Post subject: Re: New to the YubiKey!
PostPosted: Thu Jan 08, 2009 9:54 pm 
Offline

Joined: Fri Jun 20, 2008 2:59 am
Posts: 84
Downloading the personalization tool is not sufficient to program a key in static mode, unless you really know what you're doing.

See http://forum.yubico.com/viewtopic.php?f=6&t=205&p=853#p853 for some more help.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group