Yubico Forum

I just received mine today and probably several other people will be in the next few days as well. Some initial concerns/observations that may throw some people off that are used to v1.

First off, the presses are time based. where in v1 you held it down until it started printing out the characters, with v2 you hold and then let go after 1 second (0.3 - 1.5 technically) for first config and 4 (2.5 - 5 technically) for second config. If you hold it down nothing will happen and could later on actually reprogram the key if you hold it down too long. This didn't get me at first but switching between v2 and v1 I keep getting it confused.

There is no second config when you receive it from the factory. What that means is you can hold down the button anywhere in the .3 - 5 second range and it will emit the first and only config, which is setup with OTP with yubico

The OTP id itself was interesting to me as well. It appears the v2 id's are sequential and padded with c's. for example my id is ccccccccXXXX where the X's are different. Was kinda startling since the v1 was apparently random but there's no reason to be security concious about it. Remember the strength is no one aside from the authentication server (yubico in this case) can decrypt the stuff after your id.

Some links of interest

• YubiKey Manual which covers some v2 stuff
• how to change yubikeys on forum and wiki currently its a manual process.

Hope this is all useful to others

When the keys arrive they will work in the press-and-hold fashion. When there's only one identity, it behaves like the v1. Once you set a second identity, it changes to operate in the above fashion.

Thanks for this feedback.

Yes, like ferrix said, we ship the Yubikey2 with a configuration that makes them work exactly like the Yubikey1. The rationale is that we don't want to confuse users that do not care for a second configuration and are used to the Yubikey1 behavior. Also, for these who have deployed hundreds of keys, no information needs to be given to users who gets replacements etc.

There is an additional feature that even if only configuration #1 is set on the Yubikey2, a short press+release also works as a trigger.

Regarding the cccccccc prefix, this is not a Yubikey2 feature but rather reflects the linear numbering scheme that was introduced when we made a major architectural- and security update to the validation server back in March. All keys shipped since then follow a linear scheme where the public id matches the number+barcode on the label of the pouch. In theory, we could have skipped the cccccccc prefix to make the OTPs a bit shorter, but we decided that some services may verify that the OTP length was 12 + 32 = 44 characters.

With the best regards,

JakobE
Hardware- and firmware guy @ Yubico

I just ordered a few new keys to convert/consolidate the keys I use for different things. I realize that this forum is not really a RFC but in YK3.0 I would love to have a flash drive embedded into the key also. I am not a hardware engineer so I don't know if it would be feasible. the way I was thinking it would work is that you plug in the key and it gets recognized as two completely separate devices (one HID device as it is currently and then a separate mass storage device) I have a super talent pico drive and I can't imagine that integrating the additional hardware would make the key much bigger as it seems that the USB connector is the largest part of the drive.

We've got questions about adding an USB Flash memory function several times. I certainly agree it would have been attractive in many cases, such as a certificate storage.

But - we've calculated a bit on it and given the gigantic volumes for off-the-shelf finished USB memory sticks, we cannot even get near the cost of these. This means that a Yubikey with mass storage capability will be *much* more expensive than a Yubikey plus a separate USB memory. It will make this product a niche one and pass it to the dog corner I guess.

One should never say never, but it won't happen in a near future.

With the best regards,

JakobE
Hardware- and firmware guy @ Yubico