Bitcoin Forum
December 04, 2016, 08:26:32 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: You are eligible for a free Yubikey!  (Read 5051 times)
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 04, 2012, 05:39:04 PM
 #41

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!

Good point. On a related note, how much ahead from the last used password does their server try going to match my input? If I use the otp once, log off, then generate a seqence of 15 OTPs offline, will gox keep going 16 times the next time I log in? Or does yubi broadcast a serial number with the OTP?
The Yubikey output contains the serial number, an OTP, an incrementing counter, and possibly some other things that I have forgotten. It is not time limited, so you could generate (say) 15 OTPs in a row from an offline computer, and record them on a bit of paper for later use, as long as they were used sequentially. This would work, but it would be tedious to type in every time.

Got it, the counter. Thanks.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
1480839992
Hero Member
*
Offline Offline

Posts: 1480839992

View Profile Personal Message (Offline)

Ignore
1480839992
Reply with quote  #2

1480839992
Report to moderator
1480839992
Hero Member
*
Offline Offline

Posts: 1480839992

View Profile Personal Message (Offline)

Ignore
1480839992
Reply with quote  #2

1480839992
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480839992
Hero Member
*
Offline Offline

Posts: 1480839992

View Profile Personal Message (Offline)

Ignore
1480839992
Reply with quote  #2

1480839992
Report to moderator
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 04, 2012, 05:44:36 PM
 #42

The Yubikey output contains the serial number, an OTP, an incrementing counter, and possibly some other things that I have forgotten. It is not time limited, so you could generate (say) 15 OTPs in a row from an offline computer, and record them on a bit of paper for later use, as long as they were used sequentially. This would work, but it would be tedious to type in every time.

Got it, the counter. Thanks.
The other thing is that you can skip OTPs if you want to, because of that counter. Therefore, you could generate a bunch of keys, but as soon as you used key #15 from the example above, all the previous ones would become invalid unless you had used them in sequence.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
madberry
Newbie
*
Offline Offline

Activity: 29



View Profile
July 04, 2012, 06:31:17 PM
 #43

From the blockchain website:

Quote
Can I use my Mt. Gox Yubikey?
Yes. Be sure to select "Mt Gox Yubikey" in the Two factor authentication select box.

Have any spare coins? I'll take them:
18R28KTmwfR17EGGw9SFjoEzpWLvJAfmrT
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!