Yubico Forum
https://forum.yubico.com/

Confused, which protocol is right for me + KeePass
https://forum.yubico.com/viewtopic.php?f=16&t=1671		 Page 1 of 1
Author:  yubigo [ Sat Dec 20, 2014 10:13 am ]
Post subject:  Confused, which protocol is right for me + KeePass
Hi there,

I have a number of YubiKey's (non-NFC) for a team of people and I'm not sure which protocol is right for me to set up.

  1. I use KeePass extensively, in my business and at home.
  2. I split my company passwords between ~10 KeePass files with different passwords in a central Dropbox location, and share certain passwords with certain people as a kind of role-based access system.
  3. We access these by PC and using KeepassDroid.
  4. We'll add YubiKey as a second authentication factor, and will program all keys the same

I think the 'many keys to many files' rules out OATH OTP's. Static passwords would work, but would "Challenge-Response"?

I don't quite understand the pros & con's of the different methods.

Cheers,
Chris
Author:  Tom2 [ Mon Dec 22, 2014 9:49 am ]
Post subject:  Re: Confused, which protocol is right for me + KeePass
This is the HOTP plugin http://keepass.info/help/kb/yubikey.html

There should be a CR plugin on keepass.info but i can't find the pointer, someone was working on it here as well:
viewtopic.php?f=8&t=929&p=6601#p6601



You are right when you say that many keys = no HOTP. They counter will quickly go out of sync and become un-usable. using Challenge Response would be ideal or adding Yubico OTP support, but I am not sure somene did this work for KeePass yet.

Other password managers such as KEYnTO, LastPass, support Yubico OTP.
Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/