Yubico Forum

I just received my two YubiKeys that I ordered and I want to program a second configuration into them so I can store my WiFi password into them, while retaining the OTP funtion. Seeing that my WPA2 password is from Steve Gibson's Perfect Password page, it is a little long.
I started to look through the site and saw on the Personalization Tool page "WARNING! By re-initializing your YubiKey (either by manually programming a new AES key in the YubiKey or programming the YubiKey for static PW), you will lose ALL abilities to use that particular YubiKey against Yubico online severs - validation server, YubiKey management service, Yubico forum, demo server, OpenID server and so on. Customers are advised to consider using separate YubiKeys for use in Static Password Mode or for development and testing purposes."
Ok, that was enought to stop me. I don't want to mess up the OTP function of the YubiKey by doing this wrong. Is there a step by step instruction guide out there that I haven't been able to find that will tell me how to do this without messing up the current configuration of the OTP function?
Thanks,
Ted

The pre-assigned Yubico identity is stored in configuration 1 so just make sure the "Write to configuration 2" radio button is set before hitting the "Run" button.

Regards,

JakobE
Hardware- and firmware guy @ Yubico

Ok, I tried it and was successful at writing a static password to the second configuration, but I could not figure out how to specify what the password would be, I was just able to have the program generate the password. Is there a way to give it a specific password to write to the second configuration?
Thanks,
Ted

Yubikey 1 only supports the "compatibility" mode which means that you cannot set a specific string. The static mode simply forces the variable fields (use counter, session counter, timestamp and random number) to a fixed value. The Yubikey output then is the encrypted value of these fixed fields and the private id using the specified AES key.

For Yubikey 2, there are two new features with respect to static output:

a) The output can be set to "short" mode which means that the output is truncated to 16 characters. This was added to support some legacy systems that don't accept 32 character passwords.

b) "Scan code" output, i.e. support for a string made up of any arbitrary series of keystrokes. The obvious downside here is that as scan codes are sent, the output may change depending on the keyboard language settings.

Mode (b) is configured as following (assuming configuration tool Version 2).

1. Select task "Create a static Yubikey configuration"

2. In the following panel, select "Scan code mode”

3. Type in your arbitrary string, let’s say "abc123". In the scan code input field, the scan codes appear as 04 05 06 1e 1f 20

Hope this helps.

Regards,

JakobE
Hardware- and firmware guy @ Yubico

Ok, I haven't had a chance to play with this until now. So from what I am seeing, the only way to have a long password is to have it random? It seems that if I don't select a random password, I am limited to 16 charaters. I would like the ability to use a longer password but I can't seem to figure out how to get that with one I give it.
Thanks,
Ted

Ted, I agree that I would like to drop in one of Steve Gibson's long passwords. The way that I've migigated this is to configure it with a nasty 16 character password and then either prepend or append my own memorized password to the one the Yubikey stores. Don't forget to uncheck the box that adds a <RETURN> to the end of the string. This gives me offline use for things like TrueCrypt or sites that don't support OTP like banking sites and such.

I'm still waiting for the mass acceptance of OTP technology. For now, it seems to be in the early adopter phase. I can't wait till these things come in the welcome kit for both Gigantic Bank, Inc., and SmallHomeTown Bank Inc.

Rick