Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 4:39 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Thu Apr 12, 2012 12:47 pm 
Offline

Joined: Fri Apr 06, 2012 5:24 pm
Posts: 1
I received my YubiKey, and I like it very much, I used a HOWTO to set up a
two-factor authentication for Google Apps and I was thinning about all the
uses that I could have for this product. I read all the documentation that I
could find, watched all the videos and still, I am not sure that I understand
everything.

I understand there is a possibility to reconfigure a yubikey, but I also read
this on your site here [1]:

Quote:
WARNING! By re-initializing your YubiKey, either by manually programming a new
AES key in the YubiKey or programming the YubiKey for OATH-HOTP or static
password, you will lose ALL abilities to use that particular YubiKey against
Yubico online severs, including validation server, forum, Wiki, etc.


That left me confused, since I don't know there is a possibility to upload
ones keys to Yubico.

I have several questions about this problem:

1. If I write a new configuration in "slot 1", and upload the keys to Yubico
servers, can I then use it to access "Yubicloud" again. If not, what is the
key uploading service used for?

2. Is it possible to write a new configuration in "slot 2", and upload it to
the Yubico servers to be used with Yubicloud?

3. Is it possible (I know that I shouldn't) to use one slot on two
authentication servers (for instance, let's say I generate my own key to be
used with YubiPAM [2] as described here [3] [4], and then upload the same key
to a Yubico server and also use it for the Yubicloud?

4. Is there a way to backup or clone a YubiKey in case that I lose it?

1. http://www.yubico.com/personalization-tool
2. viewtopic.php?f=8&t=159
3. http://forum.yubico.com/viewtopic.php?f=11&t=246
4. http://stuartl.longlandclan.yi.org/blog ... or-gentoo/
--


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sun Apr 15, 2012 10:59 pm 
Offline

Joined: Sat Jan 14, 2012 3:05 am
Posts: 7
Hi :)

#1 - yes, you can create a new OTP and upload the details to Yubico to access their cloud (I have done this to use a yubikey with lastpass and my own unix servers)

#2 - yes, a second key can be added to slot 2 and uploaded just like slot 1 ...

#3 -- you could use the same key on two different authentication servers. This would technically open you up to a replay style attack (ie authenitcate against your own PAM solution and then someone uses that OTP against the yubicloud) -- of course, they would need to use it before you used your yubikey against the second (in this case, yubicloud) service.

#4 -- that would be hard -- particularly for the OTP slots as the backup key would be using older keys. I have two yubikeys setup with different OTP in slot one and the same static password in slot 2. I configured my services to accept OTP from both keys -- this way they are effectively the same for all of my needs (i can login to Lastpass, TrueCrypt, PAM (unix servers), static + pin authenication against various services, etc using either key).


Top
 Profile  
Reply with quote  
PostPosted: Mon Apr 23, 2012 11:29 am 
Offline
Yubico Team
Yubico Team

Joined: Mon Feb 22, 2010 9:49 am
Posts: 183
Hi,

We would encourage you to contact Yubico at support@yubico.com so that we together can test out any options and once we have a working configuration we can post the result back to the forum.

Thanks!
Samir.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group