Sunday, May 18, 2008

YubiCo and its YubiKey

YubiCo is a member of the one-time password initiative; these people are definitely worth checking out for future one-time password solutions.
How does the YubiKey work, and what does it do for me?

The YubiKey is basically a USB key (token) that you insert into your computer. When you hit the green glowing light on the USB key, it spits out a 44-character string that is your password. The 44-letter string is semi-pseudo-random data, which means it can be tracked back to your key but it cannot be tracked, duplicated or reverse engineered. This is in essence a perfect unique password. The string is different every time you hit the green glowing button, so there are no worries about someone keylogging your password. Also, a portion of the string is a 128-bit AES randomly generated number.

Now for uses: how can this be used? Well, think car keys, think credit card authorization keys, think computer passwords; any type of authentication method that requires a key and/or password of any type can be replaced by one of these single keys. The only mystery requirement is that the receiving party of the string must have your key ID (part of the 6 first characters of the string) programmed into it.
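
How a receiving party could take the 44-character string apart before validating it, as an added example (not code from this post or from Yubico). It assumes the standard Yubico OTP layout, a 12-character modhex public ID (6 bytes) followed by 32 modhex characters carrying the 16-byte AES-128 block; the function names and the sample OTP are constructed for illustration.

```python
# Modhex: Yubico's 16-letter alphabet, chosen so the token types the same
# characters on most keyboard layouts. Position in the string = nibble value.
MODHEX = "cbdefghijklnrtuv"
NIBBLE = {ch: i for i, ch in enumerate(MODHEX)}

OTP_LEN = 44    # total characters emitted per button press
ID_CHARS = 12   # leading characters that identify the key (assumed layout)

# Constructed sample, not a real token's output.
SAMPLE_OTP = "ccccccbdefgh" + "ijklnrtuvcbdefghijklnrtuvcbdefgh"


class OTPFormatError(ValueError):
    """Raised when a string cannot be a well-formed OTP."""


def modhex_decode(text):
    """Decode a modhex string into raw bytes, two characters per byte."""
    if len(text) % 2:
        raise OTPFormatError("odd number of modhex characters")
    try:
        nibbles = [NIBBLE[ch] for ch in text]
    except KeyError:
        raise OTPFormatError("character outside the modhex alphabet") from None
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def split_otp(otp):
    """Return (public_id, encrypted_block) for a 44-character OTP."""
    otp = otp.strip().lower()
    if len(otp) != OTP_LEN:
        raise OTPFormatError("expected %d characters, got %d" % (OTP_LEN, len(otp)))
    return modhex_decode(otp[:ID_CHARS]), modhex_decode(otp[ID_CHARS:])


def accept_for_validation(otp, registered_ids):
    """Return the 16-byte block to hand to the decryption step, or None.

    Malformed strings and key IDs the receiving party has not enrolled are
    rejected before any secret key is looked up or used.
    """
    try:
        public_id, block = split_otp(otp)
    except OTPFormatError:
        return None
    return block if public_id in registered_ids else None
```

The encrypted block still has to be decrypted with that key's AES secret and checked by the validation service; this sketch stops at parsing and the enrolled-ID check.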
For more information check out:


jenecai said...

The hypocritical Yubico

Seeing the Yubikey popularity growing, I'm supposed to be
happy and take credits, revenue sharing out of it. Since I'm
one of the earliest full-time employees in Yubico. But I just
want people to know the truth behind the fraudulent skin, it
has been full of lies, abuse on people, slack on security,
and rip-off of all Yubikey users/customers.

Without me, there won't be Yubikey validation server, PAM, etc.

It has been my nightmarish experience that still haunts me all
the time. I was fired when I'm suffering illness and severe
pains after working for 2 weeks almost without any sleep for

And the slack on security is unforeseen. The executives keep on
ignoring warnings of security holes that can leak the entire
Yubikey secret key database to hackers. There are no intrusion
detection, not even a vulnerability scanner! And it is hosted
in one of the least secure infrastructure in Plug-n-Play center
that is aimed for start-ups in college.

Falsely promised stock options, working like a slave for months
without getting paid, all I got in return was a cold-blooded email
telling me "You are fired".

They think they hide under the Swedish law and I can't go there
to sue them? I'll be back, I'll be back for sure.

Jose Hernandez said...

Jenecai, I'm sorry for what they have done. Where are you now in the world? Has karma repaid you?