Bitcoin Forum
March 28, 2024, 09:17:36 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: Mt.Gox: now yubikey enabled  (Read 4588 times)
MagicalTux (OP)
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
July 07, 2011, 11:55:39 PM
 #1

You can now order a yubikey if you have a Mt.Gox account and 29.99 USD or equivalent in bitcoins.

You can just login to Mt.Gox and click on "order a yubikey".

For the past weeks we have been focusing on improving the security on our site, both on our side, and on our users' side.

We have tested various options, and the yubikey was chosen as it is cost-effective and secure. Each time you use it, a 44 characters long code is inputted by your yubikey on your keyboard. This string is in fact the hexadecimal representation of an AES128 encrypted message that allows us to certify you are indeed you.

We will start shipping those today to people who have already ordered, and hve some stocks for the next days. So far it is difficult to know exactly how many people will order, swhich make it difficult to provide an estimate. We will  update as we receive more orders on the shipping delays.

When shipped you receive an URL to track your package.
1711617456
Hero Member
*
Offline Offline

Posts: 1711617456

View Profile Personal Message (Offline)

Ignore
1711617456
Reply with quote  #2

1711617456
Report to moderator
1711617456
Hero Member
*
Offline Offline

Posts: 1711617456

View Profile Personal Message (Offline)

Ignore
1711617456
Reply with quote  #2

1711617456
Report to moderator
1711617456
Hero Member
*
Offline Offline

Posts: 1711617456

View Profile Personal Message (Offline)

Ignore
1711617456
Reply with quote  #2

1711617456
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
Chick
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
July 08, 2011, 12:10:22 AM
 #2

You can now order a yubikey if you have a Mt.Gox account and 29.99 USD or equivalent in bitcoins.

You can just login to Mt.Gox and click on "order a yubikey".

For the past weeks we have been focusing on improving the security on our site, both on our side, and on our users' side.

We have tested various options, and the yubikey was chosen as it is cost-effective and secure. Each time you use it, a 44 characters long code is inputted by your yubikey on your keyboard. This string is in fact the hexadecimal representation of an AES128 encrypted message that allows us to certify you are indeed you.

We will start shipping those today to people who have already ordered, and hve some stocks for the next days. So far it is difficult to know exactly how many people will order, swhich make it difficult to provide an estimate. We will  update as we receive more orders on the shipping delays.

When shipped you receive an URL to track your package.

Awesome!

terrytibbs
Hero Member
*****
Offline Offline

Activity: 560
Merit: 501



View Profile
July 08, 2011, 12:13:16 AM
 #3

Where do I order one?
Chick
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
July 08, 2011, 12:13:48 AM
 #4

Where do I order one?

Readers never read...

terrytibbs
Hero Member
*****
Offline Offline

Activity: 560
Merit: 501



View Profile
July 08, 2011, 12:16:16 AM
 #5

Gah, I see it now!

Now shut up.
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500


Posts: 69


View Profile WWW
July 08, 2011, 11:32:20 AM
 #6

Quote
The yubikey is a small USB dongle from Yubico which generates one-time passwords (OTPs) and pretends to be a USB keyboard in order to enter the OTP into the keyboard datastream. I found out about them by chance - I can't remember how - and decided to buy one for experimentation. A major feature is that, having neither a real-time clock nor a display and thus needing no batteries either, they're really rather cheap. Including postage, mine cost less than £20, and you definitely won't get a SecurID dongle for that. Also, all the yubikey back-end software is generally available under GPL or other free licences; the security is your responsibility, not someone else's.

I say "more-secure" not "secure" in the title because it looks as if it'll still be single-factor authentication, as right now not all methods of validating the yubikey OTP support the use of a personal PIN as well. But yubikey authentication is still much better than straight username-password as the dongle is not easily copied, and the OTP data is, well, only usable once.

Not that this is a major issue, but I must confess that another attraction of the yubikey is that, it being lightweight and thin, I can wear it around my neck like a sort of digital dog-tag. Geek marine! Semper pinguis!

http://www.teaparty.net/technotes/yubikey.html

In case I wasn't the only one not fully familiar with this type of  product.

jacoder
Newbie
*
Offline Offline

Activity: 45
Merit: 0


View Profile
July 08, 2011, 12:26:50 PM
 #7

20$? In my order I see zero$,  am I lucky?
BitcoinCyberStore.com
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile WWW
July 08, 2011, 01:27:09 PM
 #8

From MTGOX notice:

Quote
Please note that our Yubikey can only be used with Mt.Gox.

From what I understand about Yubikey, there are two modes of operation... OTP mode where the password changes all the time... and "Static" mode where a frozen OTP is output when you press/hold the button.

While I'm sure the OTP mode is "locked into MTGOX", the "static mode" will work for you in other cases, as long as you append the 44 digit "frozen" string with your own easy to remember password. This is pretty close to two-factor authentication.

But for $25, you can get your own yubikey (from yubico) and get the OTP mode for your own use and possibly be able to use the "almost two-factor authentication" at MTGOX.

I've recently ordered 3 of them from Yubico for me and my family.
angelo95
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
July 08, 2011, 01:34:01 PM
 #9

I have to say kudos to MtGox this time. They were bad on security but this is a proof that they try to improve and I notice that.
kiwiasian
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
July 08, 2011, 01:43:04 PM
 #10

Just logged in to my account with Yubikey. So I'm assuming my account has been tied to my key. Is two-factor withdrawal authentication automaticay enabled now?

Tradehill referral link, save 10% | http://www.tradehill.com/?r=TH-R12328
www.payb.tc/kiwiasian | 1LHNW1JGMBo2e7rKiiFz7KJPKE57bqCdEC
WakiMiko
Newbie
*
Offline Offline

Activity: 59
Merit: 0



View Profile
July 08, 2011, 02:04:34 PM
 #11

From http://www.teaparty.net/technotes/yubikey.html:
Quote
I'll explain this in more detail later, but one nice wrinkle of the v2 yubikeys is that they support two profiles, which I shall refer to as slot-1 and slot-2. In use, these are differentiated by length of touch on the sensor; a quick press generates a token from the slot-1 data, a press of 3-4 seconds generates one from slot-2 data. Their website doesn't make clear, but their tech support confirms, that both slots can be in OTP mode. I intend to use slot-1 myself; I'll keep the AES key secret, and build my own authentication servers. But I intend to upload slot-2's AES key to yubikey, and use the infrastructure they provide when authenticating to the world.

Is it possible to use the 2nd slot for other applications when ordering from MtGox, or will the 2nd slot be disabled? Can I overwrite the MtGox AES key and essentially lock myself out?
Littleshop
Legendary
*
Offline Offline

Activity: 1386
Merit: 1003



View Profile WWW
July 08, 2011, 06:33:17 PM
 #12

You can now order a yubikey if you have a Mt.Gox account and 29.99 USD or equivalent in bitcoins.

You can just login to Mt.Gox and click on "order a yubikey".

For the past weeks we have been focusing on improving the security on our site, both on our side, and on our users' side.

We have tested various options, and the yubikey was chosen as it is cost-effective and secure. Each time you use it, a 44 characters long code is inputted by your yubikey on your keyboard. This string is in fact the hexadecimal representation of an AES128 encrypted message that allows us to certify you are indeed you.

We will start shipping those today to people who have already ordered, and hve some stocks for the next days. So far it is difficult to know exactly how many people will order, swhich make it difficult to provide an estimate. We will  update as we receive more orders on the shipping delays.

When shipped you receive an URL to track your package.
Does it work on a mac?

BitcoinCyberStore.com
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile WWW
July 08, 2011, 06:44:53 PM
 #13

Does it work on a mac?
Yubikey is a USB device that acts like a standard USB keyboard. Should work automatically on any platform.
SlipperySlope
Hero Member
*****
Offline Offline

Activity: 686
Merit: 501

Stephen Reed


View Profile
July 08, 2011, 07:01:50 PM
 #14

I would like it to work with the Mt Gox Trading API.
barbarousrelic
Hero Member
*****
Offline Offline

Activity: 675
Merit: 502


View Profile
July 08, 2011, 08:53:35 PM
 #15

It would be even better if this key could be incorporated with the Bitcoin client itself.

Do not waste your time debating whether Bitcoin can work. It does work.

"Early adopters will profit" is not a sufficient condition to classify something as a pyramid or Ponzi scheme. If it was, Apple and Microsoft stock are Ponzi schemes.

There is no such thing as "market manipulation." There is only buying and selling.
hashme
Member
**
Offline Offline

Activity: 115
Merit: 10


View Profile
July 08, 2011, 09:08:18 PM
 #16

I would like it to work with the Mt Gox Trading API.
+1

I pay back 50% commissions to my referrals
https://www.okcoin.com/?invid=2013370
Fair sites only.
lebish
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
July 08, 2011, 09:25:08 PM
 #17

Does it work on a mac?

Yes, I use it for other projects with my Macs.
MagicalTux (OP)
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
July 09, 2011, 06:09:51 AM
 #18

what's the deal with those of us who already have a standard yubikey and want to use it with mtgox's?

The yubikeys we are providing at this point are locked with both slots reserved for Mt.Gox.

Both slots are blocked and limited to Mt.Gox, however we will offer at some point the ability to unlink a key, which would then allow to retrieve the key's codes.

We will also open the ability to use yubicloud keys for protection.

I would like to provide notice, however, than using the same key on different websites opens a serious security risk if you are not confident on each site's trustworthiness. A site could - for example - show "yubikey compatible" on its page but in fact use the OTP you provide it to identify itself on a different yubicloud-enabled site and do bad things there. This wouldn't be really hard to do, but could be really bad depending on the attacked website.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!