Re: Yubikeys are now supported

2010-10-25 Thread Simon Josefsson
Maxim Burgerhout writes: > Hi, > > I am the maintainer for ykpers and libyubikey for Fedora. It's great > to see Fedora starting to use these nifty devices! > > If there is anything I can do to help out and make the use of > Yubikey's in the Fedora project into a success, just holler. Hi -- I li

Re: Yubikeys are now supported

2010-10-25 Thread Simon Josefsson
Paul Wouters writes: > On Fri, 8 Oct 2010, Nathanael D. Noblet wrote: > >> On 10/07/2010 10:58 PM, Paul Wouters wrote: >>> One usage of yubikey I would like very much is as storage for the AES >>> encryption key for disk encryption. I'd prefer the disk crypto key to >>> not be on the disk at all,

Re: Yubikeys are now supported

2010-10-18 Thread Maxim Burgerhout
On Fri, Oct 8, 2010 at 16:57, Matthew Miller wrote: > On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote: >> If there is anything I can do to help out and make the use of >> Yubikey's in the Fedora project into a success, just holler. It might > > Fixing the pam module to not crash m

Re: Yubikeys are now supported

2010-10-08 Thread Paul Wouters
On Fri, 8 Oct 2010, Jesse Keating wrote: >> Note that yubikeys are not (yet) usable for this. You cannot request the >> AES key from it (AFAIK), only an OTP. And the OTP can also not be used to >> unlock >> an AES key on the harddisk because it is different for each activation. > > Can't you use

Re: Yubikeys are now supported

2010-10-08 Thread Jesse Keating
On 10/8/10 2:48 PM, Paul Wouters wrote: > On Fri, 8 Oct 2010, Nathanael D. Noblet wrote: > >> On 10/07/2010 10:58 PM, Paul Wouters wrote: >>> One usage of yubikey I would like very much is as storage for the AES >>> encryption key for disk encryption.

Re: Yubikeys are now supported

2010-10-08 Thread Paul Wouters
On Fri, 8 Oct 2010, Nathanael D. Noblet wrote: > On 10/07/2010 10:58 PM, Paul Wouters wrote: >> One usage of yubikey I would like very much is as storage for the AES >> encryption key for disk encryption. I'd prefer the disk crypto key to >> not be on the disk at all, protected by just a passphras

Re: Yubikeys are now supported

2010-10-08 Thread Nathanael D. Noblet
On 10/07/2010 10:58 PM, Paul Wouters wrote: > One usage of yubikey I would like very much is as storage for the AES > encryption key for disk encryption. I'd prefer the disk crypto key to > not be on the disk at all, protected by just a passphrase. It would be > nice to have it on a yubikey instead

Re: Yubikeys are now supported

2010-10-08 Thread Stephen John Smoogen
On Fri, Oct 8, 2010 at 08:48, Paul Wouters wrote: > On Fri, 8 Oct 2010, Dennis Gilmore wrote: > >> It sounds like you do not fully understand how the yubikeys work. Either that >> or I don't understand the attack you are describing? > > It all comes down to this being based on symmetric crypto, no

Re: Yubikeys are now supported

2010-10-08 Thread Ricky Zhou
On 2010-10-08 10:57:16 AM, Matthew Miller wrote: > On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote: > > If there is anything I can do to help out and make the use of > > Yubikey's in the Fedora project into a success, just holler. It might > > Fixing the pam module to not crash mi

Re: Yubikeys are now supported

2010-10-08 Thread Matthew Miller
On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote: > If there is anything I can do to help out and make the use of > Yubikey's in the Fedora project into a success, just holler. It might Fixing the pam module to not crash might be good. :) Have you considered packaging up the server

Re: Yubikeys are now supported

2010-10-08 Thread Paul Wouters
On Fri, 8 Oct 2010, Dennis Gilmore wrote: > Even if you use your yubikey with yubicos servers. and auth against multiple > different providers your AES key is never exposed to any of the places that > you auth to. That is correct if different service providers auth the OTP against yubicos serv

Re: Yubikeys are now supported

2010-10-08 Thread Dennis Gilmore
On Friday, October 08, 2010 12:06:58 am Paul Wouters wrote: > On Thu, 7 Oct 2010, Mike McGrath wrote: > > My understanding on this is, and I reserve the right to misunderstand > > this, is that once the AES key is on the yubikey, there is no way to get > > it off of there. That key is just used to

Re: Yubikeys are now supported

2010-10-08 Thread Mike McGrath
On Fri, 8 Oct 2010, Maxim Burgerhout wrote: > Hi, > > I am the maintainer for ykpers and libyubikey for Fedora. It's great > to see Fedora starting to use these nifty devices! > > If there is anything I can do to help out and make the use of > Yubikey's in the Fedora project into a success, just h

Re: Yubikeys are now supported

2010-10-08 Thread Maxim Burgerhout
Hi, I am the maintainer for ykpers and libyubikey for Fedora. It's great to see Fedora starting to use these nifty devices! If there is anything I can do to help out and make the use of Yubikey's in the Fedora project into a success, just holler. It might be interesting to add a README.Fedora to

Re: Yubikeys are now supported

2010-10-07 Thread Toshio Kuratomi
On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote: > On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote: > > The newer yubikey hardware has provision for two AES keys but I'm not sure > > how that works and whether it actually allows you to use separate keys with > > separ

Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Mike McGrath wrote: > My understanding on this is, and I reserve the right to misunderstand > this, is that once the AES key is on the yubikey, there is no way to get > it off of there. That key is just used to generate OTP's. So if an > attacker were to get an OTP they could

Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Toshio Kuratomi wrote: > The one time passwords generated by the yubikey can safely be used with > multiple services. The thing that is unsafe is using the same AES key with > multiple ykksm's. Yubico runs a ykksm for people to use with some third > party websites that suppor

Re: Yubikeys are now supported

2010-10-07 Thread Matthew Miller
On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote: > The newer yubikey hardware has provision for two AES keys but I'm not sure > how that works and whether it actually allows you to use separate keys with > separate servers. Someone will need to look into this. Yes, separate keys -

Re: Yubikeys are now supported

2010-10-07 Thread Toshio Kuratomi
On Thu, Oct 07, 2010 at 08:54:12PM -0400, Paul Wouters wrote: > > I have one and I've played with it in fedora. There is however an important > catch. The server and the yubikey share the same AES symmetric key. This means > that if the yubikey is used for multiple sites by one user, that user is

Re: Yubikeys are now supported

2010-10-07 Thread Mike McGrath
On Thu, 7 Oct 2010, Ricky Zhou wrote: > On 2010-10-07 07:25:47 PM, Mike McLean wrote: > > On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters wrote: > > > I have one and I've played with it in fedora. There is however an > > > important > > > catch. The server and the yubikey share the same AES symmetr

Re: Yubikeys are now supported

2010-10-07 Thread Ricky Zhou
On 2010-10-07 07:25:47 PM, Mike McLean wrote: > On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters wrote: > > I have one and I've played with it in fedora. There is however an important > > catch. The server and the yubikey share the same AES symmetric key. This > > means > > that if the yubikey is use

Re: Yubikeys are now supported

2010-10-07 Thread Mike McGrath
On Thu, 7 Oct 2010, Paul Wouters wrote: > On Thu, 7 Oct 2010, Mike McGrath wrote: > > >>> We also decided to allow yubikeys as an authentication option for the > >>> larger community to some hosts and services like fedorapeople.org or > >>> https://admin.fedoraproject.org/community/. When asked f

Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Mike McLean wrote: >> I guess in a way it is like using the same password, but people might not be >> thinking of that when they have a "device" on them that they use. > > Wow, that's a serious weakness. Are we sure about this? http://www.yubico.com/files/Security_Evaluation_2

Re: Yubikeys are now supported

2010-10-07 Thread Garrett Holmstrom
On 10/7/2010 12:04, Mike McGrath wrote: > http://fedoraproject.org/wiki/Infrastruture/Yubikey ^^ Typo alert! ;)

Re: Yubikeys are now supported

2010-10-07 Thread Mike McLean
On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters wrote: > I have one and I've played with it in fedora. There is however an important > catch. The server and the yubikey share the same AES symmetric key. This means > that if the yubikey is used for multiple sites by one user, that user is > sharing >

Re: Yubikeys are now supported

2010-10-07 Thread Camilo Mesias
I'm not a security expert but I understood that the usual way to use these keys was to have one server that the key authenticates with, and further sites would be accessible through openID or similar - so the authentication is always with one server. Using the same device with multiple servers is

Re: Yubikeys are now supported

2010-10-07 Thread Matthew Miller
On Thu, Oct 07, 2010 at 12:04:49PM -0500, Mike McGrath wrote: > Implementation work continues to be discussed and put in place but please > direct any questions or comments to #fedora-admin on irc.freenode.net or > the Infrastructure mailing list - Hello, synchronicity! I was just looking at thi

Re: Yubikeys are now supported

2010-10-07 Thread Paul Wouters
On Thu, 7 Oct 2010, Mike McGrath wrote: >>> We also decided to allow yubikeys as an authentication option for the >>> larger community to some hosts and services like fedorapeople.org or >>> https://admin.fedoraproject.org/community/. When asked for a password, >>> just use your yubikey to genera

Re: Yubikeys are now supported

2010-10-07 Thread Mike McGrath
On Thu, 7 Oct 2010, Bruno Wolff III wrote: > On Thu, Oct 07, 2010 at 12:04:49 -0500, > Mike McGrath wrote: > > > > We also decided to allow yubikeys as an authentication option for the > > larger community to some hosts and services like fedorapeople.org or > > https://admin.fedoraproject.org/c

Re: Yubikeys are now supported

2010-10-07 Thread Bruno Wolff III
On Thu, Oct 07, 2010 at 12:04:49 -0500, Mike McGrath wrote: > > We also decided to allow yubikeys as an authentication option for the > larger community to some hosts and services like fedorapeople.org or > https://admin.fedoraproject.org/community/. When asked for a password, > just use your