Still no YubiKey :-(.
However I can play around with a YubiKey web simulator an early YubiKey hacker named hasterguf has made :-).
And here is it's source code.
My resource post on the YubiKey
My YubiKey review
lørdag 31. mai 2008
mandag 26. mai 2008
The Yubico Forum
I edited the resource list in my previous post on Yubico's YubiKey to include a forum they now have. I think it is clever that they uses the YubiKey to give write access to the forum: it gives developers a chance to use the key for a real web application straight out of the envelope. I would imagine any YubiKey hacker would register as a forum user anyway.
A gem for developers already posted in the forum is the test vector post, using information here a developer can get a lot of code written and tested while waiting for mail man to show up with the device.
If you have questions but yet no key it is my experience that mails to Yubico gets answered rather promptly.
My resource post on the YubiKey
My YubiKey review
A gem for developers already posted in the forum is the test vector post, using information here a developer can get a lot of code written and tested while waiting for mail man to show up with the device.
If you have questions but yet no key it is my experience that mails to Yubico gets answered rather promptly.
My resource post on the YubiKey
My YubiKey review
torsdag 22. mai 2008
An One Time Password (OTP) USB Keyboard Emulator Generator Device called The YubiKey
I am going to have a look at this USB authentication solution from a company named Yubico: The YubiKey.
The big selling point with this is how platform independent it is (no drivers needed) and how easy it supposedly is to integrate. What it does is that it feeds the computer an one time password through your USB port acting as an USB keyboard when the end user pushes it's button. So it only uses features virtual all computers used by humans must have.
Ordered one two days ago, it is just across the border (me in Norway and Yubico in Sweeden) so one could hope to have it soon, but there is an airport strike in my country now that could delay snail mail I guess and perhaps they are empty after got some fame by this Security Now podcast...
The basis of it's workings:
The generated 128 bit password contains AES encrypted information that allows a server (that also know the secret AES key embedded in the YubiKey) to verify that the password is indeed a new one.
Resources with meat I have found related to the device:
My YubiKey review
The big selling point with this is how platform independent it is (no drivers needed) and how easy it supposedly is to integrate. What it does is that it feeds the computer an one time password through your USB port acting as an USB keyboard when the end user pushes it's button. So it only uses features virtual all computers used by humans must have.
Ordered one two days ago, it is just across the border (me in Norway and Yubico in Sweeden) so one could hope to have it soon, but there is an airport strike in my country now that could delay snail mail I guess and perhaps they are empty after got some fame by this Security Now podcast...
The basis of it's workings:
The generated 128 bit password contains AES encrypted information that allows a server (that also know the secret AES key embedded in the YubiKey) to verify that the password is indeed a new one.
Resources with meat I have found related to the device:
- The company.
- The key.
- A 2007 Security report. This was going to be an independent report, however the author then started to work for Yubico so it is not independent. Also as time passes and the YubiKey product get updated relevance may diminish.
- Yubico's forum (requires a YubiKey to post).
- Open source YubiKey projects hosted at Google Code listed here and are discussed in this google group.
- Yubico's collection of external resources: articles.
- Yubico's monthly newsletter.
- Transcript of Security Now! Episode mostly about YubiKey.
- MP3 File of above episode.
- Secure Id News interview with Yubico CEO Stina Ehrensvärd in this podcast.
- A YubiKey web simulator with source code.
- A site that has taken it in use for authentication.
My YubiKey review
Abonner på:
Innlegg (Atom)
