Some questions regarding a YubiKey configuration
Author:  Barabbas [ Thu Apr 12, 2012 12:47 pm ]
Post subject:  Some questions regarding a YubiKey configuration

I received my YubiKey, and I like it very much. I used a HOWTO to set up a
two-factor authentication for Google Apps and I was thinking about all the
uses that I could have for this product. I read all the documentation that I
could find, watched all the videos and still, I am not sure that I understand

I understand there is a possibility to reconfigure a yubikey, but I also read
this on your site here [1]:

WARNING! By re-initializing your YubiKey, either by manually programming a new
AES key in the YubiKey or programming the YubiKey for OATH-HOTP or static
password, you will lose ALL abilities to use that particular YubiKey against
Yubico online servers, including validation server, forum, Wiki, etc.

That left me confused, since I don't know there is a possibility to upload
one's keys to Yubico.

I have several questions about this problem:

1. If I write a new configuration in "slot 1", and upload the keys to Yubico
servers, can I then use it to access "Yubicloud" again? If not, what is the
key uploading service used for?

2. Is it possible to write a new configuration in "slot 2", and upload it to
the Yubico servers to be used with Yubicloud?

3. Is it possible (I know that I shouldn't) to use one slot on two
authentication servers (for instance, let's say I generate my own key to be
used with YubiPAM [2] as described here [3] [4], and then upload the same key
to a Yubico server and also use it for the Yubicloud)?

4. Is there a way to backup or clone a YubiKey in case that I lose it?

1. http://www.yubico.com/personalization-tool
2. viewtopic.php?f=8&t=159
3. http://forum.yubico.com/viewtopic.php?f=11&t=246
4. http://stuartl.longlandclan.yi.org/blog ... or-gentoo/

Author:  jtoon86 [ Sun Apr 15, 2012 10:59 pm ]
Post subject:  Re: Some questions regarding a YubiKey configuration

Hi :)

#1 - yes, you can create a new OTP and upload the details to Yubico to access their cloud (I have done this to use a YubiKey with LastPass and my own unix servers)

#2 - yes, a second key can be added to slot 2 and uploaded just like slot 1 ...

#3 -- you could use the same key on two different authentication servers. This would technically open you up to a replay style attack (i.e. authenticate against your own PAM solution and then someone uses that OTP against the Yubicloud) -- of course, they would need to use it before you used your YubiKey against the second (in this case, Yubicloud) service.

#4 -- that would be hard -- particularly for the OTP slots as the backup key would be using older keys. I have two YubiKeys set up with different OTP in slot one and the same static password in slot 2. I configured my services to accept OTP from both keys -- this way they are effectively the same for all of my needs (I can log in to LastPass, TrueCrypt, PAM (unix servers), static + pin authentication against various services, etc. using either key).
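
The cross-server replay window described in answer #3, as an added example that is not part of the original thread. It is a simplified model: an HMAC tag stands in for the YubiKey's AES-encrypted OTP, and every name, ID and secret here (`Token`, `Validator`, `demo`, `demo-shared`, ...) is constructed for illustration.

```python
import hashlib
import hmac

def _tag(secret: bytes, public_id: str, counter: int) -> str:
    # Assumption: HMAC stands in for the real OTP encryption.
    msg = f"{public_id}:{counter}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]

class Token:
    """Simplified model of one OTP slot: a secret plus a counter that only goes up."""
    def __init__(self, public_id: str, secret: bytes):
        self.public_id, self.secret, self.counter = public_id, secret, 0

    def press(self) -> str:
        self.counter += 1
        return f"{self.public_id}:{self.counter}:{_tag(self.secret, self.public_id, self.counter)}"

class Validator:
    """One validation service. It only knows the counters it has seen itself."""
    def __init__(self):
        self.secrets, self.last_seen = {}, {}

    def enroll(self, token: Token) -> None:
        self.secrets[token.public_id] = token.secret
        self.last_seen[token.public_id] = 0

    def verify(self, otp: str) -> bool:
        try:
            public_id, counter_text, tag = otp.split(":")
            counter = int(counter_text)
        except ValueError:
            return False
        secret = self.secrets.get(public_id)
        if secret is None:
            return False
        if not hmac.compare_digest(tag.encode(), _tag(secret, public_id, counter).encode()):
            return False
        if counter <= self.last_seen[public_id]:
            return False  # already used here, or older than an OTP used here
        self.last_seen[public_id] = counter
        return True

def demo() -> dict:
    shared = Token("demo-shared", b"constructed secret A")      # same key on both services
    separate = Token("demo-separate", b"constructed secret B")  # enrolled at one service only
    pam, cloud = Validator(), Validator()
    pam.enroll(shared); cloud.enroll(shared); cloud.enroll(separate)
    otp1 = shared.press()
    out = {"pam_accepts": pam.verify(otp1), "pam_replay": pam.verify(otp1),
           "cloud_replay": cloud.verify(otp1)}  # cloud never saw counter 1
    otp2, otp3 = shared.press(), shared.press()
    out["cloud_fresh"] = cloud.verify(otp3)     # owner reaches the second service first
    out["cloud_stale"] = cloud.verify(otp2)     # the older OTP is now refused there
    out["other_key_at_pam"] = pam.verify(separate.press())  # per-service key: no overlap
    return out
```

Each validator rejects a replay of an OTP it has already consumed, but the second service accepts that same OTP until it has seen a newer counter from the shared key; a key enrolled at only one service has no such overlap.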

Author:  samir [ Mon Apr 23, 2012 11:29 am ]
Post subject:  Re: Some questions regarding a YubiKey configuration


We would encourage you to contact Yubico at support@yubico.com so that we together can test out any options and once we have a working configuration we can post the result back to the forum.


