Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:36 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Sat Jun 27, 2009 6:07 pm 
Offline

Joined: Tue Feb 24, 2009 4:05 pm
Posts: 9
Just curious, if it is press and release in less than 1.5 secs for one kind of code and hold for 2.5-5 secs for the other how can one tell if you have held down long enough to generate a second configuration OTP? What happens if you hold down for longer than 5 seconds?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Jun 29, 2009 2:06 pm 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
The new YubiKey 2.0 provides an interesting feature. For the static password configuration, if the "Allow user to manually update using the button" option is selected from the new personalization utility, users can reprogram their YubiKeys on the fly if the YubiKey button is pressed for 6-8 secs. If this option is not selected, the YubiKey will just rapidly flash for a while and nothing will be emitted from the YubiKey. For more information about all the new features added in the YubiKey 2.0, please visit the following link:

http://www.yubico.com/developers/personalization/


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 08, 2009 11:35 pm 
Offline

Joined: Wed Jul 08, 2009 10:11 pm
Posts: 4
How do you update with pressing 6 seconds?


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 09, 2009 12:40 am 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
First of all, the key needs to be configured for static mode (CFGFLAG_STATIC_TICKET flag set). Secondly, the new flag CFGFLAG_MAN_UPDATE needs to be set.

The keys that we send out does not have this feature enabled as they are all configured in OTP mode to work with the Yubico validation server.

You can easily try out this new function by downloading the new personalization tool and try with configuration #2, thereby keeping configuration #1 to still work with the Yubico validations service.

Again - this feature only works on Yubikey 2 !

1. Fire up the configuration tool
2. Select "Create a static Yubikey configuration"
3. Basic mode is okay to start with for testing. Check the box "Allow user to manually update"
4. Just go for next until you get to programming.
5. Select "Write to configuration 2"
6. Insert the key and press Run
7. When acknowledged, the key is ready to use.

A short press (0.3-1.5 seconds) yields the default (configuration 1) output.
A long press (2.5 - 5 seconds) yields the newly created static output (configuration 2).

Try the second a couple of times and you'll (hopefully) see that the output is all the same.

Now, press and hold the key for 8-15 seconds and release it. The LED shall now begin to flash slowly. Give it a short press and the update is committed and the new OTP is yielded.

A typical usage scenario could be:

1. Give user a Yubikey configured with the flags CFGFLAG_STATIC_TICKET and CFGFLAG_MAN_UPDATE set.
2. The password policy is cranked up with a minimum length
3. When the user is asked to change password next time, the normal username is entered
4. In the password field, the old password is entered
5. The user is asked to enter a new password. The new password poliicy now apply
6. The user types in the password and holds the Yubikey button for 10 seconds and releases. The newly created password is outputted
7. Enter the password again. Press 3 seconds and release. The new password is confirmed.

The reason why this function is created is to support legacy login without any need for any back-end functionality. It is ny no means perfect, but seems to fulfill quite a few user's need for enhanced security at a very low implementation cost.


With the best regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 09, 2009 12:55 am 
Offline

Joined: Wed Jul 08, 2009 10:11 pm
Posts: 4
So from this what I understand is;

When I press the key for 8 seconds it will change the static password and write itself with the new password.

How about if i want to setup a manual password lets say hellothisismyrandomunhackablepassword ?

Can we do that?


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 09, 2009 8:04 am 
Offline
Yubico Team
Yubico Team

Joined: Wed Oct 01, 2008 8:11 am
Posts: 210
The new personalization utility provides an feature of programming the YubiKey 2.0 with keyboard scan code input for static password configuration. The scan code mode provides a mechanism to generate a string based on any arbitrary keyboard scan code.

Select the "Scan ccode mode" under the the "Create a static Yubikey configuration" and place the cursor in the "Scan code input" field and type the desired string. The keystrokes are converted to scan codes and YubiKey is programmed accordingly. When YubiKey button is pressed, the YubiKey will generated the string entered in the "Scan code input" field. This way we can program the YubiKey to emit the desired password.

Please note that this feature is available only for YubiKey 2 only, maximum 16 characters are allowed and this mode may create incompatibilities if different national keyboard layouts are used as the mapping varies between countries.


Top
 Profile  
Reply with quote  
PostPosted: Fri Aug 07, 2009 7:35 pm 
Offline

Joined: Sat Feb 21, 2009 12:18 am
Posts: 2
Can the static short password (16 characters) be reprogrammed using the 10 second button press? I cannot get this to work on my key even though I have clearly switched on the "manually update using the button" setting. I press the button for 3 seconds and get a 16 character static password. I then hold it for 10 seconds, release it and the ring flashes rapidly for 2-3 seconds. A brief press during the rapid flash does not change the static password.

If it makes any difference I have upper/lower case set as well as characters/numbers.


Top
 Profile  
Reply with quote  
 Post subject: Config tool bug !
PostPosted: Sat Aug 08, 2009 12:08 pm 
Offline
Site Admin
Site Admin

Joined: Wed May 28, 2008 7:04 pm
Posts: 263
Location: Yubico base camp in Sweden - Now in Palo Alto
Thanks for bringing up this matter. It is a bug in the configuration tool that only shows up in truncated (short = 16 character) mode.

We'll post an updated version of the config tool soon.

Regards,

JakobE
Hardware- and firmware guy @ Yubico


Top
 Profile  
Reply with quote  
 Post subject: Re: Config tool bug !
PostPosted: Sun Aug 09, 2009 7:32 pm 
Offline

Joined: Sat Feb 21, 2009 12:18 am
Posts: 2
Thanks Jakob
JakobE wrote:
Thanks for bringing up this matter. It is a bug in the configuration tool that only shows up in truncated (short = 16 character) mode.

I presume that when the config tool has been updated, I will be able to program my key to allow the password to be regenerated with a 10 second press. Are you able to say when the config tool will be updated please?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group