The big selling point with this is how platform independent it is (no drivers needed) and how easy it supposedly is to integrate. What it does is that it feeds the computer an one time password through your USB port acting as an USB keyboard when the end user pushes it's button. So it only uses features virtual all computers used by humans must have.
Ordered one two days ago, it is just across the border (me in Norway and Yubico in Sweeden) so one could hope to have it soon, but there is an airport strike in my country now that could delay snail mail I guess and perhaps they are empty after got some fame by this Security Now podcast...
The basis of it's workings:
The generated 128 bit password contains AES encrypted information that allows a server (that also know the secret AES key embedded in the YubiKey) to verify that the password is indeed a new one.
Resources with meat I have found related to the device:
- The company.
- The key.
- A 2007 Security report. This was going to be an independent report, however the author then started to work for Yubico so it is not independent. Also as time passes and the YubiKey product get updated relevance may diminish.
- Yubico's forum (requires a YubiKey to post).
- Open source YubiKey projects hosted at Google Code listed here and are discussed in this google group.
- Yubico's collection of external resources: articles.
- Yubico's monthly newsletter.
- Transcript of Security Now! Episode mostly about YubiKey.
- MP3 File of above episode.
- Secure Id News interview with Yubico CEO Stina Ehrensvärd in this podcast.
- A YubiKey web simulator with source code.
- A site that has taken it in use for authentication.
My YubiKey review
0 kommentarer:
Legg inn en kommentar