Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 6:52 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 8 posts ] 
Author Message
PostPosted: Sat Apr 02, 2016 4:06 pm 
Offline

Joined: Sat Apr 02, 2016 2:37 pm
Posts: 11
Hello and greatings to all.

1.
Ive done with a brand new Yubikey 4 (not Neo) the following steps. And I become a error after the fields are filled. But I can recover the Passwordfile sucessfull. The Hexadecimal Code isnt incorrect. I repeat Ist is the correct Hex Code. I done my yubikey4 "restore to Defaults". And now i do the Prozedure live again. Please say me there are my fault(s) or mistakes.

2. Thirst Things Thirst: :lol:

O.S. Version : Microsoft Windows 10
Keepass Version: 2.3.2
otpkeyprov Version: 2.4
yubikey-personalization-gui Version: 3.1.24
3. lets go:


I open the Yubikey....gui:
I go to Settings:
cange Enter to off
I go to oath-hotp :
And i Switch to the second Slot .
then i thake the next Settings

I disable Oath-Token Identifier

Check thé Box: Hotp-Length 8 Digits

Then i push the"generate" button and Copy the Hex-Code into a Textfile.


then i press Write Configuration
see Pictures above:

That Looks like so:

Attachment:
yubisetupend.PNG
yubisetupend.PNG [ 39.23 KiB | Viewed 3982 times ]


Thats all for the Yubikey at first. the next ive done in Keepass. See the Next Pictures:

open keepass and create new Password datafile. Ive put a Password in and select one time Password then i hit ok.
Attachment:
File comment: i put the write Code in and do the setings
puthexin.PNG
puthexin.PNG [ 41.11 KiB | Viewed 3982 times ]

When i try to open this error Comes:
Attachment:
error.PNG
error.PNG [ 66.32 KiB | Viewed 3982 times ]


Im Verry verry Hopefully for Help.
Please Help.


Last edited by HDDControler on Sun Apr 03, 2016 9:36 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sun Apr 03, 2016 9:10 am 
Offline

Joined: Sun Apr 03, 2016 9:01 am
Posts: 2
Location: Budapest, Hungary
You have to press and hold your yubikey button for several seconds in order to get the slot 2 output.
If you only press it shortly, you get your slot 1 output (yubikey OTP).

Apart from this, I have the same problem. I tried all steps four times. When I finally try to open my locked KeePass file, I enter my password, select OTP and then I have to enter 3 OTPs. I press and hold my yubikey button and an 8-digit code is entered. I choose the second and then third text field and repeat the process twice. So all (three) text fields contain a different 8-digit code and when I press "OK", I get "Failed to create OTP key!".


Top
 Profile  
Reply with quote  
PostPosted: Sun Apr 03, 2016 2:46 pm 
Offline

Joined: Sat Apr 02, 2016 2:37 pm
Posts: 11
Hello and thanks for your answer.

I must tell you that i find out how it is Funktion. You MUST THAKE THE CALLANGE-RESPONSE MODE.
Oh i hope i have write it correctly. But Then ist is O.K. . It works.

After i bekame an answer i Close tis thread. As Sucesssfull.

I Repeat : The Goal is The Cannenge- ...Mode.

Byby


Top
 Profile  
Reply with quote  
PostPosted: Sun Apr 03, 2016 6:29 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
If using OATH-HOTP, you'll also want to make sure that the "Look-ahead count" is AT MINIMUM 5 (between 5 and 10 seems to work consistently). Since it's counter-based, even one OATH-HOTP sent outside of KeePass will make your counter out of sync and the look-ahead count is used to mitigate this issue.

You are correct, though, that Challenge-Response (at least in my opinion) is a more useful option, and you can use the same Challenge-Response credential for other services.


Top
 Profile  
Reply with quote  
PostPosted: Sun Apr 03, 2016 7:06 pm 
Offline

Joined: Sun Apr 03, 2016 9:01 am
Posts: 2
Location: Budapest, Hungary
ChrisHalos wrote:
If using OATH-HOTP, you'll also want to make sure that the "Look-ahead count" is AT MINIMUM 5 (between 5 and 10 seems to work consistently).


Maybe you should add this tip to your own guide. I currently use challenge-response mode. Thanks. (Wouldn't be implementing HMAC-SHA256 far more secure?)


Top
 Profile  
Reply with quote  
PostPosted: Sun Apr 03, 2016 9:33 pm 
Offline

Joined: Sat Apr 02, 2016 2:37 pm
Posts: 11
Hey Ho thanks to all.
I try it just not out but the solution seems to be the Look-Ahead Accound.
Thanks for this Information.


Top
 Profile  
Reply with quote  
PostPosted: Tue Apr 05, 2016 8:48 am 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
I recommend using KeeChallenge instead.
http://www.kahusecurity.com/2014/securi ... nd-factor/


Top
 Profile  
Reply with quote  
PostPosted: Sun May 22, 2016 11:15 am 
Offline

Joined: Sun May 22, 2016 10:56 am
Posts: 2
I had the same problem, after many tries never managed to make OTP work with Keepass.

As suggested, switched to Keechallenge, works like a charm.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group