88 entries in 0.354s
: i suppose next someone cracks open one of these fetlifes, can dump the yubikey
set this way. tho... very roundabout way of ghoing about things -- could as well just list the privkeys.
: understand how "yubikey
" works : hitlerist website buys a boatload, extracts pub/privkeys, sends to losers.
: asciilifeform, tedious to get the pubkey out of shit like yubikey
: since the chip you discuss could be made out of extant bitcoin miner + yubikey
arrangement, they must both be just as linear
: apparently my boxes aren't needed, but hell yea roger ver's "money" that doesn't exist is more than welcome. and plox moar yubikey
and canonical and if it's not fucking plain yet...
: What's the opinion on pgp smart cards / yubikey
: > Yubikey
NEO (JavaCard OpenPGP) private key operations can be accessed without PIN
: they're sort of in the 'yubikey
' camp of 'blackbox toy crypto that plugs into usb'
: .cn sysop uses yubikey
at his terminal, "he's using gpg encryption... it'll take me at least a month to crack it... it must be at least a 512 bit key"
: why would anyone use a device such as 'yubikey
' for access to a man-portable machine ?
: asciilifeform: Appears to indeed be a Yubikey
: "The site broke new ground for security in the space, integrating Yubikey
and Google Authenticator"
: yeah but yubikey
neo has a javacard port of it, keys limited to 2048bit there
: fluffypony how is it different from a repurposed yubikey
: still; why would someone like yubikey
watch bob and say "I want me some of that?"
: asciilifeform: I think the RSA keyfob hack demonstrates your point about yubikey
: "- The Yubikey
personalization app saves a .csv logfile with the programmed key values meaning a malware-based attack may discover the log files on block devices even when the files have been deleted"
: anyone here own 'yubikey
' ? got it to cough up its fw?
: The code to run a yubikey
server is open source so you, I, or anyone is welcome to swap out the key and run their own server.
: ie, not all keys work, key has to satisfy magic yubikey
criteria on top of entropy
: artifexd> That may, or may not, invalidate the ability to use yubikey
's servers though. I don't know. << afaik blowing their key does make it unable to use the servers, because you see, the true beauty of stupidty : they actually narrow the keyspace (significantly) to make their product vendor-lockedin
: benkay suggested that the yubikey
could phone home (or any attacker) with the new contents if it were reloaded. I was questioning that.
: benkay If the yubikey
registers as a keyboard, how can it access the network?
: That may, or may not, invalidate the ability to use yubikey
's servers though. I don't know.
: If it makes a difference, yubikey
's internal slots are client writable.
: Naphex: what i'm trying to get across is that a fellow with yubikey
in his pocket is, in fact, 'holding a secret'
: i'm not trumpeting yubikey
, but i don't know of a better OTP atm
: asciilifeform: are you sugesting DPA could be use in retriving yubikey
: for instance, what measures, if any, against 'differential power analysis' in yubikey
: i use a yubikey
neo, and i'm pretty happy with it
: gotta ask, what's the basis for trusting 'yubikey
: OTP - is otp released to the client, by levels email yubikey
/gpg/ - whatever
: now OTP can be, Email / YubiKey
-> GPG, Bitcoin signature
: joecool: trying to explain to ninjashogun why a crypto-gizmo like yubikey
is fundamentally braindamaged
: Diablo-D3: xray of a yubikey
neo i'm guessing
: ninjashogun: homework. determined the cost of, starting with nothing but idle hands, personally determining exactly what your 'yubikey
: one of the things people refuse to understand about 'yubikey
' et al is that miniaturization of the keychain/card variety is fundamentally antithetical to genuine security.
: asciilifeform: have you looked at yubikey
: asciilifeform: i need to play with the yubikey
neo implementation of bip32
: isnt this inferior compared to yubikey
: i'm using 4096-bit RSA for the forseeable future, but ecdsa seems attractive if i can write a javacard implementation to work on my yubikey
: The yubikey
can hold a static password up to 64 characters long. 200+? 4 yubikeys that you have to use in the right order?
: so… more expensive than a yubikey
but only works with mtgox
: does anyone know how to add a yubikey
: but the only safe alternative is to buy a Yubikey
(= spending moneys)
: a new yubikey
can be used without restrictions
: can i just buy a new yubikey
? are they easy to set up?
: can i use my mtgox yubikey
at other places such as btc-tc
: why yubikey
if you already google auth?
: Hey guys, lets play hide the Yubikey
OK, not gay or anything this is for national security
: there are only so many places to hide your Yubikey
in the Sauna
: anyway, as you say. mtgox does not talk to yubikey
, it talks to teh computor.
: someone should sit with the chump, and patiently explain that mtgox doesn't talk to your yubikey
. it talks to your idiot consumer pc that happens to have a yubikey
plugged in, and a display that can output whatever your new owner wants it to.
: so it is entirely conceivable that a yubikey
-enabled gox diddler exists but has managed to infect only paupers
: mircea_popescu: you evil tempter, you just made me want to transfer btc to mtgox just to buy their yubikey
to trade or transfer?
: That is why I use 2fa and a yubikey
: hen I signed up(right after the hack) they gave me a free yubikey
- free shipping
: as you issued the yubikey
creates a pseudorandom string and you know what the strign is going to be, no?
: i still think that you could use the yubikey
: you know how yubikey
or any of those authenticators work?
: mtgox charges 30 usd for yubikey
: Mt.gox yubikey
only works for them
: do you get free yubikey
: send with yubikey
: Sign in with a yubikey
: ill add yubikey
: As soon as GLBSE replaces the submit acttion button with a yubikey
textarea I will be able to sleep at night
: I'm planning on giving customers of hotwallet a free yubikey
: I'm working on a non-yubikey
+ password and/or google auth login
: mircea do you have a yubikey