Bitcoin Forum
December 08, 2016, 09:57:55 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: You are eligible for a free Yubikey!  (Read 5054 times)
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 27, 2012, 08:10:03 PM
 #21

It's not volume-related, and being "old school" has nothing to do with it either. Free Yubikeys are given to people who had a transaction rolled back back when prices dropped to $0.01
You, sir, are a bullshitter.
Read the post date - August 2011. It was true then, although it may be unrelated now. It's a shame that they have to give them away instead of people being smart enough to order them in the first place. They really don't cost much when you buy them, but it does cost mtgox a lot just to give them away en masse.

My understanding was that a MtGox Yubikey was a Yubikey with an AES key put into it by MtGox.  Actually, that's two AES keys - one for the short press (logging in), and one for the long press (withdrawing funds).

AES is a symmetric algorithm - in this case, I understand this to mean that MtGox and the key know the same secret number.

That said, I don't understand how can a third party make use of a MtGox Yubikey without knowing that number?
I believe that you can validate against a given authentication server without needing to know the secret.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
1481191075
Hero Member
*
Offline Offline

Posts: 1481191075

View Profile Personal Message (Offline)

Ignore
1481191075
Reply with quote  #2

1481191075
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1458



View Profile
June 27, 2012, 10:13:20 PM
 #22

My understanding was that a MtGox Yubikey was a Yubikey with an AES key put into it by MtGox.  Actually, that's two AES keys - one for the short press (logging in), and one for the long press (withdrawing funds).

AES is a symmetric algorithm - in this case, I understand this to mean that MtGox and the key know the same secret number.

That said, I don't understand how can a third party make use of a MtGox Yubikey without knowing that number?
I believe that you can validate against a given authentication server without needing to know the secret.
Yes. The same way that you can authenticate a generic Yubikey against the YubiCloud without knowing the private key that is pre-programmed in the 1st slot, you should be able to authenticate a Mt.Gox Yubikey if you have been given access to their authentication server.
P_Shep
Legendary
*
Offline Offline

Activity: 924


View Profile WWW
June 27, 2012, 10:54:56 PM
 #23

I got one too.... Dunno if I'll use it (eggs/basket etc), but it's free Smiley
officialsavage
Full Member
***
Offline Offline

Activity: 154



View Profile
June 27, 2012, 11:09:43 PM
 #24

I got this same email and made the order.  Already was using google authenticator but will add yubikey as well.  Better safe than sorry.
RodeoX
Legendary
*
Offline Offline

Activity: 2114


The revolution will be monetized!


View Profile
June 27, 2012, 11:38:37 PM
 #25

Are we 100% sure this is from Mt.Gox and not a phishing expedition.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
officialsavage
Full Member
***
Offline Offline

Activity: 154



View Profile
June 27, 2012, 11:41:46 PM
 #26

Are we 100% sure this is from Mt.Gox and not a phishing expedition.

LoL....yes 100% sure.  I didn't click the link in the email, I went to my browser and typed in the address.  Logged in and gave my coupon code under buy a yubikey.
RodeoX
Legendary
*
Offline Offline

Activity: 2114


The revolution will be monetized!


View Profile
June 27, 2012, 11:46:59 PM
 #27

Are we 100% sure this is from Mt.Gox and not a phishing expedition.

LoL....yes 100% sure.  I didn't click the link in the email, I went to my browser and typed in the address.  Logged in and gave my coupon code under buy a yubikey.
Thanks. Just in case I get such an offer. Cry   

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
Seal
Donator
Hero Member
*
Offline Offline

Activity: 833


View Profile WWW
June 28, 2012, 07:07:48 AM
 #28

I got a free one from Gox too 2-3 months ago. They sent it straight from Japan in some cool Japanese envelopes with a crazy amount of tickboxes on it. (all the customs declarations)

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 29, 2012, 01:41:38 AM
 #29

I got a free one from Gox too 2-3 months ago. They sent it straight from Japan in some cool Japanese envelopes with a crazy amount of tickboxes on it. (all the customs declarations)
Grin I actually paid for mine, and I got 2 in the mail, one had someone else's name lol. Whoops.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 29, 2012, 09:55:30 PM
 #30

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Grouver (BtcBalance)
Hero Member
*****
Offline Offline

Activity: 530



View Profile WWW
July 03, 2012, 11:16:48 AM
 #31

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 03, 2012, 01:01:27 PM
 #32

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Grouver (BtcBalance)
Hero Member
*****
Offline Offline

Activity: 530



View Profile WWW
July 03, 2012, 01:28:49 PM
 #33

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.
Where can I find this driver? It's not on the homepage of yubico for instance.

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 03, 2012, 01:39:07 PM
 #34

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.
Where can I find this driver? It's not on the homepage of yubico for instance.
It should install itself as a standard USB keyboard or HID device, there isn't a driver to download.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Grouver (BtcBalance)
Hero Member
*****
Offline Offline

Activity: 530



View Profile WWW
July 03, 2012, 01:46:40 PM
 #35

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.
Where can I find this driver? It's not on the homepage of yubico for instance.
It should install itself as a standard USB keyboard or HID device, there isn't a driver to download.
Thats weird, it's not doing anything when I connect it.
Tried multiple USB input ports.

Edit: nvm.. its working now. Weird.

World
Hero Member
*****
Offline Offline

Activity: 746



View Profile
July 04, 2012, 09:55:44 AM
 #36

wow very fast delivery just 5 days
arrived today . Thanks Mtgox.

Supporting people with beautiful creative ideas. Bitcoin is because of the developers,exchanges,merchants,miners,investors,users,machines and blockchain technologies work together.
Justin00
Legendary
*
Offline Offline

Activity: 910


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
July 04, 2012, 11:50:16 AM
 #37

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

rate5
Full Member
***
Offline Offline

Activity: 147


PGP 0x28F5EC01


View Profile WWW
July 04, 2012, 12:56:19 PM
 #38

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!

Buy domain names with Bitcoin!  domains4bitcoins.com  - Free Privacy Protection, DNS, Domain Forwarding, Mail Forwarding, & Domain Theft Protection!  Cool
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 04, 2012, 02:54:59 PM
 #39

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!

Good point. On a related note, how much ahead from the last used password does their server try going to match my input? If I use the otp once, log off, then generate a seqence of 15 OTPs offline, will gox keep going 16 times the next time I log in? Or does yubi broadcast a serial number with the OTP?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 04, 2012, 03:02:37 PM
 #40

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!

Good point. On a related note, how much ahead from the last used password does their server try going to match my input? If I use the otp once, log off, then generate a seqence of 15 OTPs offline, will gox keep going 16 times the next time I log in? Or does yubi broadcast a serial number with the OTP?
The Yubikey output contains the serial number, an OTP, an incrementing counter, and possibly some other things that I have forgotten. It is not time limited, so you could generate (say) 15 OTPs in a row from an offline computer, and record them on a bit of paper for later use, as long as they were used sequentially. This would work, but it would be tedious to type in every time.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!