How to use existing Yubikey with mt Gox

[yoyoceramic]

Hi Everyone,

I already use a Yubikey that I bought in order to have a 2 factor with lastpass and blockchain.info.  Is there a way to use the same key with Mt Gox? 

When I get to the "Add new software Authentication System" I get a "standard private key' and a "secure private key" and a blank field called "code".  Do I need to use the Yubikey personalization software to generate the code?

I do not want to use google authenticator, and I don't want to have to buy Mt. Gox's yubi key. 

Thanks

[Stephen Gornick]

I do not want to use google authenticator, and I don't want to have to buy Mt. Gox's yubi key.  

I believe you program the Yubikey OTP with the secret from Mt. Gox, just like you would configure Google Authenticator.
  - http://www.yubico.com/products/services-software/personalization-tools/yubikey-otp/

[mjc]

No you cannot use an existing YubiKey with Mt Gox.  I thought the same.  You have to order a YubiKey from them for their site.

That's their policy.  there is no technical reason why, except they want to make a few extra bucks off the process, I guess.

They program to OTP into the key.  The first profile is for log in on to their system, the second profile is used for transferring money from your account.

While it is a pain, it is advisable to go ahead and get one.  When I did, I got the one that was branded with the Mt Gox logo.  Makes it easier to manage.

Hope that helps.

[247saver]

This leads me to think:

If I bought a Yubikey for Mt Gox (first) could I then also use it later with a Blockchain.info wallet?

[davout]

This leads me to think:

If I bought a Yubikey for Mt Gox could I then also use it with a Blockchain.info wallet?

nope, well yes, but that's just because blockchain.info doesn't do the right thing and only checks the key id without actually validating the OTP meaning its vulnerable to replay attacks. boo

[davout]

That's their policy.  there is no technical reason why, except they want to make a few extra bucks off the process, I guess.

Their technical reason is that they are the only ones keeping a copy of the AES key that's in the yubikey, regular yubikeys need the OTPs to be validated against yubico's service who keeps a copy of the AES key. I don't think it makes much sense but that's the technical reason they advertise.

[Blazr]

This leads me to think:

If I bought a Yubikey for Mt Gox (first) could I then also use it later with a Blockchain.info wallet?

Yes, but a cat with a straw in its mouth would do a better job at protecting your wallet. If your yubikey is keylogged, it can actually be re-used by an attacker due to the way BC.info decided to support Yubikeys (the wrong way).

[247saver]

Thanks for the quick replies!