Yubico Forum :: View topic - Some questions regarding a YubiKey configuration

Yubico Forum https://forum.yubico.com/

Some questions regarding a YubiKey configuration https://forum.yubico.com/viewtopic.php?f=4&t=785	Page 1 of 1

Author:	Barabbas [ Thu Apr 12, 2012 12:47 pm ]
Post subject:	Some questions regarding a YubiKey configuration
I received my YubiKey, and I like it very much, I used a HOWTO to set up a two-factor authentication for Google Apps and I was thinning about all the uses that I could have for this product. I read all the documentation that I could find, watched all the videos and still, I am not sure that I understand everything. I understand there is a possibility to reconfigure a yubikey, but I also read this on your site here [1]: Quote: WARNING! By re-initializing your YubiKey, either by manually programming a new AES key in the YubiKey or programming the YubiKey for OATH-HOTP or static password, you will lose ALL abilities to use that particular YubiKey against Yubico online severs, including validation server, forum, Wiki, etc. That left me confused, since I don't know there is a possibility to upload ones keys to Yubico. I have several questions about this problem: 1. If I write a new configuration in "slot 1", and upload the keys to Yubico servers, can I then use it to access "Yubicloud" again. If not, what is the key uploading service used for? 2. Is it possible to write a new configuration in "slot 2", and upload it to the Yubico servers to be used with Yubicloud? 3. Is it possible (I know that I shouldn't) to use one slot on two authentication servers (for instance, let's say I generate my own key to be used with YubiPAM [2] as described here [3] [4], and then upload the same key to a Yubico server and also use it for the Yubicloud? 4. Is there a way to backup or clone a YubiKey in case that I lose it? 1. http://www.yubico.com/personalization-tool 2. viewtopic.php?f=8&t=159 3. http://forum.yubico.com/viewtopic.php?f=11&t=246 4. http://stuartl.longlandclan.yi.org/blog ... or-gentoo/ --

Author:	jtoon86 [ Sun Apr 15, 2012 10:59 pm ]
Post subject:	Re: Some questions regarding a YubiKey configuration
Hi #1 - yes, you can create a new OTP and upload the details to Yubico to access their cloud (I have done this to use a yubikey with lastpass and my own unix servers) #2 - yes, a second key can be added to slot 2 and uploaded just like slot 1 ... #3 -- you could use the same key on two different authentication servers. This would technically open you up to a replay style attack (ie authenitcate against your own PAM solution and then someone uses that OTP against the yubicloud) -- of course, they would need to use it before you used your yubikey against the second (in this case, yubicloud) service. #4 -- that would be hard -- particularly for the OTP slots as the backup key would be using older keys. I have two yubikeys setup with different OTP in slot one and the same static password in slot 2. I configured my services to accept OTP from both keys -- this way they are effectively the same for all of my needs (i can login to Lastpass, TrueCrypt, PAM (unix servers), static + pin authenication against various services, etc using either key).

Author:	samir [ Mon Apr 23, 2012 11:29 am ]
Post subject:	Re: Some questions regarding a YubiKey configuration
Hi, We would encourage you to contact Yubico at support@yubico.com so that we together can test out any options and once we have a working configuration we can post the result back to the forum. Thanks! Samir.

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/