Yubico Forum

i was wandering if anyone can help shed some light on this...

i have purchased some yubikeys, and have used the personalization tool to program them for yubico OTP verification. I registered the keys with the yubico OTP server, and verified that they work. I then used the keys successfully for over a week, being able to verify them against the yubico OTP system.

Then yesterday (02/23/2014) at about 5pm, none of my yubikeys would verify against the yubico OTP anymore. I kept getting an error back, and was not able to use the yubikeys. I went to the demo yubikey test webpage, and none of the keys worked. (Which i find really strange, since they worked fine all week). I then reprogramed them with the personalization tool again, and registered them again with yubico, and then they worked again.

Why have they failed though? How is it possible that all my yubikeys that I successfully programed, registered, tested and used for a week all of a sudden failed to authenticaate against the Yubico OTP server?

This sort of scared me. I was luckily at home and able to reprogram them rather quickly, but if I were on the road somewhere, I would be unable to access my accounts, which would be a disaster. Is this a common occurrence? Has anyone else experienced this?

Hello,

Lusich, this is first time we hear something like you describe. One Yubikey failing (even if rare) its a possibility but multiple Yubikeys failing at the same time lowers the probabilities of this event close to zero.

Are you sure the Yubikeys were not touched (or badly reconfigured by you or some else? )
Are your Yubikeys protected with access control code?

Which version are your Yubikeys? Firmware version and model.

We would like to investigate more on this:

contact support@yubico.com and provide them with:

- order_id
- serial number of the Yubikeys
- if you wish ask for warranty replacement as you are covered by 2 years warranty. You will have to ship the Yubikeys back to our office for us to test them.

Regards,
Tom.

_________________
-Tom

hello,

thank you for your response. I purchased the yubikeys from http://www.collectivesoftware.com/

They are (three) white yubikeys with firmware 2.4.1. I programmed them with Yubikey Personalization tool, version 3.1.11, library version 1.14.1. I programmed them on 02/14/2014 (at 10:43am) one after another through "advanced" OTP function. I registered them with the yubikey server. Then I tested them through the demo page and they were successfully recognized. They all had the "vv" prefix.

I use them to log into lastpass. I used them successfully for over a week, even on Sunday morning. Then on Sunday afternoon, I could no longer login to lastpass. I kept getting an error. I tried to re-register them with lastpass, but they would come back as invalid. So then I went back to the demo-test page, and none of them could be validated. This was true for all three yubikeys.

At the same time, some other yubikeys that I own were able to validate without a problem...even the ones with an old version of firmware 2.2.3 (that I also programmed for OTP myself, using the same method as described above).

The yubikeys were in my possession the entire time (two were in a box in a closet). I did not use them for anything other than lastpass login. Yet, about a week into the first use they all inexplicably failed. I reprogrammed them, and reregistered them, and now they work fine again. They are not "password protected". However, noone (including myself) did anything to them.

I can send you the configuration excel file for the three yubikeys from, 02/14/2014. I unfortunately did not copy the error explanation from the demo page.

Do you happen to remember the previous public id, assigned to these 3 keys?

(the old non-functioning public IDs)

_________________
-Tom

Here:

vvccccbufetb
vvlcvctciibi
vvkulcnluirl

I can send additional data on the configuration since i saved it. I will also give you the serial numbers later today.

What kind of error did you get with those 3 ID?
do you remember ?

I would recommend you to have your Yubikeys replaced under warranty.

_________________
-Tom

quick question -- if i were to reprogram a yubikey, using the same parameters (that were saved in the .csv file) for Yubico OTP -- would this then become an exact clone of the previous yubikey, giving out the same OTP string?

if so, I could quickly reprogram one of the keys with the saved information, and see if the OTP string still doesn't get recognized. I could then give you the exact error that I receive on the website.

It failed again -- all three of them. Two of them were in a locked box in my house, and one on my keychain. They worked fine yesterday.

So here are the serial numbers:

1983441
1983442
1983440

Here is the output of the error:


Parameters
tab=one-factor
mode=one-factor
key=vvukfjckguvnhchkrvhehkvkrjhhenctvlubkcghvutn
identity=vvukfjckguvn

Authentication Output
h=DmEync9YxMqw61XBINr+y35JR2k=
t=2014-02-25T21:41:02Z0602
otp=vvukfjckguvnhchkrvhehkvkrjhhenctvlubkcghvutn
nonce=49c379bfadef7d892061cd0f9da5b5dc
status=REPLAYED_OTP


Parameters
tab=one-factor
mode=one-factor
key=vvtjrlggcregbhkrikrhccdevfhlujivvurvhflterlv
identity=vvtjrlggcreg

Authentication Output
h=+cDQvNTbVVW6jMyc6+hjkBwAvok=
t=2014-02-25T21:43:29Z0880
otp=vvtjrlggcregbhkrikrhccdevfhlujivvurvhflterlv
nonce=a7d7bd0f53740c9e6a9d63604788a486
status=REPLAYED_OTP

Parameters
tab=one-factor
mode=one-factor
key=vvudvheebgkbfdtjrdkfnulugugfincigvehkjdhkbhe
identity=vvudvheebgkb

Authentication Output
h=rf2FkI4wf971sspglNgxDX1Vpw8=
t=2014-02-26T00:15:18Z0990
otp=vvudvheebgkbfdtjrdkfnulugugfincigvehkjdhkbhe
nonce=830453c9935baef9664e80b06eca9d0c
status=REPLAYED_OTP


It might look like the OTP was stolen or something, but I don't see how. The rest of the keys I own, work fine.

Hello,

Please contact your re-seller and apply for a warranty. These 3 Yubikeys are affected by a known issue, and they will keep failing after sometime you reprogrammed them.

We apologize for the inconvenient you have been experiencing.

_________________
-Tom