[gentoo-user] yubikey

[gentoo-user] yubikey

[Stefan G. Weichinger]

Anyone using that (with gentoo) ?

Experience? I consider getting one to test and use it ..

flameeyes didn't get one:

https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo

maybe since then they changed their policies etc

Stefan

Re: [gentoo-user] yubikey

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 953 bytes --]

On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote:

> Anyone using that (with gentoo) ?

I got one a few days ago to check out. It's basically a USB keyboard, so
it works with Gentoo exactly the same way it works with anything else.
I've only tried the static password part so far, but my hard drive is not
encrypted with a ridiculously long key that I would never use if I had to
type it manually.

> Experience? I consider getting one to test and use it ..
> 
> flameeyes didn't get one:
> 
> https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo
> 
> maybe since then they changed their policies etc

It's weird. They list prices in dollars, PayPal converts that to Pounds
Sterling, then the device is posted for a UK address. The VAT thing is
even weirder.


-- 
Neil Bothwick

Found my .sig, it was in behind the cushion on the settee.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

Re: [gentoo-user] yubikey

[Alon Bar-Lev]

On Wed, Jun 18, 2014 at 3:50 PM, Neil Bothwick <neil@digimed.co.uk> wrote:
>
> On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote:
>
> > Anyone using that (with gentoo) ?
>
> I got one a few days ago to check out. It's basically a USB keyboard, so
> it works with Gentoo exactly the same way it works with anything else.
> I've only tried the static password part so far, but my hard drive is not
> encrypted with a ridiculously long key that I would never use if I had to
> type it manually.

Right, I use it, and it working fine.
I use single HOTP.
The sdk/tools also build friendly, there was no problem to build in
order to perform the initial enrolment.

>
>
> > Experience? I consider getting one to test and use it ..
> >
> > flameeyes didn't get one:
> >
> > https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo
> >
> > maybe since then they changed their policies etc
>
> It's weird. They list prices in dollars, PayPal converts that to Pounds
> Sterling, then the device is posted for a UK address. The VAT thing is
> even weirder.
>
>
> --
> Neil Bothwick
>
> Found my .sig, it was in behind the cushion on the settee.

Re: [gentoo-user] yubikey

[Stefan G. Weichinger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 18.06.2014 14:50, schrieb Neil Bothwick:
> On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote:
> 
>> Anyone using that (with gentoo) ?
> 
> I got one a few days ago to check out. It's basically a USB
> keyboard, so it works with Gentoo exactly the same way it works
> with anything else. I've only tried the static password part so
> far, but my hard drive is not encrypted with a ridiculously long
> key that I would never use if I had to type it manually.

cool ...

I'd like to use it for

* plain login
* unlocking ssh-keys
* maybe even unlocking my LUKS-partitions

...

and the NFC-part for combining it with a password safe on my android phone

> It's weird. They list prices in dollars, PayPal converts that to 
> Pounds Sterling, then the device is posted for a UK address. The
> VAT thing is even weirder.

I consider I won't get a correct invoice .. in terms of taxes ..

S

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJToY3LAAoJEClcuD1V0PzmNeMP/iKez25Dt8BiZNyJKW2uyVTh
caoW0Co8eo509LkLeuD3/GypWAc2ASkz/Qo6M/Kuoz+tN0jYPIkdoMQCRDcLltOt
o8/VXjTjtdMIRVt3LEJ4gtMaoh4CE/dP/aRUMWflDamCy2UgR1tKp2tDe2BpluG9
FHQCkSQeoWpf5UsYddLp9MHCQqyWBN5jpB3s3sgYPdFz9JERt84zdDvMTYgeiHLM
bYD+StdIXwnNAP63mWIXueTSF7yl9hTJSc62/R4F+SOEF7Et7RGyj1LmYYy4Pxrz
eVIbZ7jS/uBBW+pp8MtbLF6m6J5XiA4VripHNbQa+pkx1zzrRSEe3lhN9zzR3xZq
83hLUMYUw1uCgiHo7AQxFjNWee/xei5QuZMND44bkJNRsMOjnrlmLxNFOyi2E9bq
VNehz58caBkyiqwusMUaM6BfVs4dt5XLk5LhaWDqzjN59Q6XoR92Gi1BExLL5IAA
/YhVvBXARc5qFYHZn0/fOGr/lskG/8kpwELlXYE8tVcimdLrSmcOzr8Q7zEJCtnn
twkX08RM0taadiQ9ZFJ80Lcc8SZgxMVHHJwFyu+8nUoifvFkn1WSt642IZSn5aVN
3oTQhom8vf4fNjI64TaklOQfp+8NZECtIwBVnS6yyjg0yyQTPiKAebvPigaJyai1
8YJdE0f/85vrm0CVBJKc
=MDt1
-----END PGP SIGNATURE-----

Re: [gentoo-user] yubikey

[Stefan G. Weichinger]

Am 18.06.2014 14:54, schrieb Alon Bar-Lev:

> Right, I use it, and it working fine.
> I use single HOTP.
> The sdk/tools also build friendly, there was no problem to build in
> order to perform the initial enrolment.

good to hear, thanks!

Re: [gentoo-user] yubikey

[Bill Kenworthy]

I went the google auth route for ssh with an app on a pebble watch - the
watch is always with me :)

Has an ebuild (keyworded), simple setup, just works.

BillK


On 18/06/14 20:54, Alon Bar-Lev wrote:
> On Wed, Jun 18, 2014 at 3:50 PM, Neil Bothwick <neil@digimed.co.uk> wrote:
>>
>> On Wed, 18 Jun 2014 14:21:27 +0200, Stefan G. Weichinger wrote:
>>
>>> Anyone using that (with gentoo) ?
>>
>> I got one a few days ago to check out. It's basically a USB keyboard, so
>> it works with Gentoo exactly the same way it works with anything else.
>> I've only tried the static password part so far, but my hard drive is not
>> encrypted with a ridiculously long key that I would never use if I had to
>> type it manually.
> 
> Right, I use it, and it working fine.
> I use single HOTP.
> The sdk/tools also build friendly, there was no problem to build in
> order to perform the initial enrolment.
> 
>>
>>
>>> Experience? I consider getting one to test and use it ..
>>>
>>> flameeyes didn't get one:
>>>
>>> https://blog.flameeyes.eu/2012/01/how-not-to-sell-me-something-why-i-won-t-be-maintaining-yubikey-software-directly-in-gentoo
>>>
>>> maybe since then they changed their policies etc
>>
>> It's weird. They list prices in dollars, PayPal converts that to Pounds
>> Sterling, then the device is posted for a UK address. The VAT thing is
>> even weirder.
>>
>>
>> --
>> Neil Bothwick
>>
>> Found my .sig, it was in behind the cushion on the settee.
> 

Re: [gentoo-user] yubikey

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 1218 bytes --]

On Wed, 18 Jun 2014 15:02:03 +0200, Stefan G. Weichinger wrote:

> > I got one a few days ago to check out. It's basically a USB
> > keyboard, so it works with Gentoo exactly the same way it works
> > with anything else. I've only tried the static password part so
> > far, but my hard drive is not encrypted with a ridiculously long
> > key that I would never use if I had to type it manually.  
> 
> cool ...
> 
> I'd like to use it for
> 
> * plain login
> * unlocking ssh-keys
> * maybe even unlocking my LUKS-partitions

It's the third I'm using it for at the moment.

> and the NFC-part for combining it with a password safe on my android
> phone

I've got the standard Yubikey, although the Neo does lok a good bet for
mobile usage too.

> > It's weird. They list prices in dollars, PayPal converts that to 
> > Pounds Sterling, then the device is posted for a UK address. The
> > VAT thing is even weirder.  
> 
> I consider I won't get a correct invoice .. in terms of taxes ..

They don't appear to have a base in Austria, so it will probably be the
same as any other overseas purchase for you.


-- 
Neil Bothwick

CONGRSS.SYS corruptd... Re-boot Washington D.C? (Y/N)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

[gentoo-user] Re: yubikey

[James]

Stefan G. Weichinger <lists <at> xunil.at> writes:


> Anyone using that (with gentoo) ?
> Experience? I consider getting one to test and use it ..

> Stefan

I do not know where to start, so I just try to simplify things
Near Field Communications, are a very bad idea, if you care
about security. (ybikey) is based on NFC. In fact, it is compatible
with RFID. So, you should know that millions of locations
have RFID loops established, so that if you pass through the loop,
folks can "OWN" your RFID (NFC) device information. The semiconductor
companies have all established "back doors" into their hardware
offering, for various reasons. There is a matrix of what owners
of the loop antennae installations can gain access to depending
on who they are, how much they pay, and which "nation states"
they "play ball" with.


Here in Floirda the most infamous RF loop antennaes are installed
on the (toll) roadways:

http://en.wikipedia.org/wiki/SunPass

http://cybersecurity.mit.edu/tag/near-field-communication/

Many tables found in restuarants have RF* loop antennaes built into
the table, and folks purchasing these tables are not even aware
of them. They are difficult to detect.


Digital information gathering is a few decades old.
Signal Intercept (RF*) is over 60 years old and very, very
successful. Most of that technology is clasified. There are many satelittes
capable of picking up RFID signals, generated terrestrially, above the
atmosphere.


Using RF* to secure anything is like pulling down your panties
at a Frat party full of horney teenage males. It's not a question
of if, but what you are going to "exchange energies with" !

However that said, there are passive RF  back doors built into most
devices that cost over $20.00 usd now adays; so I guess it
does not really even matter ?

http://www.mouser.com/applications/rf_energy_harvesting/

caveat emptor.

James

Re: [gentoo-user] Re: yubikey

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 477 bytes --]

On Wed, 18 Jun 2014 18:08:21 +0000 (UTC), James wrote:

> > Anyone using that (with gentoo) ?
> > Experience? I consider getting one to test and use it ..  
> 
> > Stefan  
> 
> I do not know where to start, so I just try to simplify things
> Near Field Communications, are a very bad idea, if you care
> about security. (ybikey) is based on NFC.

The Yubikey NEO uses NFC, the standard models do not use it.


-- 
Neil Bothwick

RAM = Rarely Adequate Memory

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

[gentoo-user] Re: yubikey

[James]

Neil Bothwick <neil <at> digimed.co.uk> writes:

> 
> On Wed, 18 Jun 2014 18:08:21 +0000 (UTC), James wrote:
> 
> > > Anyone using that (with gentoo) ?
> > > Experience? I consider getting one to test and use it ..  
> > 
> > > Stefan  
> > 
> > I do not know where to start, so I just try to simplify things
> > Near Field Communications, are a very bad idea, if you care
> > about security. (ybikey) is based on NFC.
> 
> The Yubikey NEO uses NFC, the standard models do not use it.

OK, lets skip any RF backdoors installed by the manufacturer,
as those always exist, but are 'out of scope', for now.


U see this?

http://www.unrest.ca/evaluating-the-security-of-the-yubikey

James

Re: [gentoo-user] Re: yubikey

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 714 bytes --]

On Wed, 18 Jun 2014 19:23:25 +0000 (UTC), James wrote:

> OK, lets skip any RF backdoors installed by the manufacturer,
> as those always exist, but are 'out of scope', for now.
> 
> 
> U see this?
> 
> http://www.unrest.ca/evaluating-the-security-of-the-yubikey

I hadn't. At first glance it appears to relate to their OTP service,
which I don't use. I use it with a static password as part of a two
factor approach, so you would need to get physical access to the key for
long enough to grab the password and know the other part of the password.


-- 
Neil Bothwick

When you go to court you are putting yourself in the hands of 12 people
that were not smart enough to get out of jury duty.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 181 bytes --]