|
Title: Can I use my own Yubikey on Mt Gox? Post by: AmDD on October 12, 2012, 10:13:53 PM I just bought a Yubikey from www.yubikey.com and tried to add it to my Mt Gox account but I cant seem to figure out how. It looks like they want you to buy a key from them... Am I missing something?
Title: Re: Can I use my own Yubikey on Mt Gox? Post by: Inaba on October 12, 2012, 10:23:38 PM Nope.
Nope you can't use it. Nope you aren't missing anything. Title: Re: Can I use my own Yubikey on Mt Gox? Post by: AmDD on October 12, 2012, 11:20:07 PM Seriously? What a crock of shit!
Title: Re: Can I use my own Yubikey on Mt Gox? Post by: Carlton Banks on October 13, 2012, 07:50:58 AM Seriously? What a crock of shit! I understand what you're saying, but not quite. The Yubikey has an internal key that Gox needs to know before it can identify your Yubikey as being definitively yours (a cryptographic signature is generated using the internal key). And so, I'm afraid you got what you paid for (you just didn't know what you were paying for) Does anyone know if OP could send the Yubikey to Gox, and Gox then extract a copy of the internal key? (sounds like a potentially dangerous thing to do. If Gox can scan the internal key, then I bet a postal worker that knows what the Mt Gox address looks like could equally extract the key). Title: Re: Can I use my own Yubikey on Mt Gox? Post by: AmDD on October 13, 2012, 12:44:04 PM Seriously? What a crock of shit! I understand what you're saying, but not quite. The Yubikey has an internal key that Gox needs to know before it can identify your Yubikey as being definitively yours (a cryptographic signature is generated using the internal key). And so, I'm afraid you got what you paid for (you just didn't know what you were paying for) Does anyone know if OP could send the Yubikey to Gox, and Gox then extract a copy of the internal key? (sounds like a potentially dangerous thing to do. If Gox can scan the internal key, then I bet a postal worker that knows what the Mt Gox address looks like could equally extract the key). I understand what your saying but based on that there should be no place at all, other than www.yubikey.com, that they will work. And if that's the case, what's the point? Title: Re: Can I use my own Yubikey on Mt Gox? Post by: Carlton Banks on October 13, 2012, 01:31:52 PM Perhaps the key is supplied in the instructions, or the instructions tell you how to access the key. If you can come up with a secure way of supplying the key to a third party, then you've got no problems using it with the services of said third party. Gox themselves sell Yubikeys directly to customers themselves, which should go a long way to making the key pretty secure.
Title: Re: Can I use my own Yubikey on Mt Gox? Post by: Inaba on October 13, 2012, 01:54:13 PM It's Mt.Gox themselves that is the crock of shit here, not Yubikey. Gox decided to run their own AES256 server instead of using Yubikeys, so they have a unique signature that makes using their keys impossible elsewhere for the most part. That said, given the history of the security practices at Mt.Gox, I would trust Yubikey far more to keep the Yubikey servers uncompromised than I would ever trust Mt.Gox to properly run an encryption server... but it is what it is.
Title: Re: Can I use my own Yubikey on Mt Gox? Post by: AmDD on October 13, 2012, 02:20:38 PM It's Mt.Gox themselves that is the crock of shit here, not Yubikey. Gox decided to run their own AES256 server instead of using Yubikeys, so they have a unique signature that makes using their keys impossible elsewhere for the most part. That said, given the history of the security practices at Mt.Gox, I would trust Yubikey far more to keep the Yubikey servers uncompromised than I would ever trust Mt.Gox to properly run an encryption server... but it is what it is. I agree, i wasnt upset with Yubikey but rather Gox for not being clear about having to buy one from them and for not using their servers. |