Bitcoin Forum
November 11, 2024, 11:12:50 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: You are eligible for a free Yubikey!  (Read 5770 times)
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 27, 2012, 08:10:03 PM
 #21

It's not volume-related, and being "old school" has nothing to do with it either. Free Yubikeys are given to people who had a transaction rolled back back when prices dropped to $0.01
You, sir, are a bullshitter.
Read the post date - August 2011. It was true then, although it may be unrelated now. It's a shame that they have to give them away instead of people being smart enough to order them in the first place. They really don't cost much when you buy them, but it does cost mtgox a lot just to give them away en masse.

My understanding was that a MtGox Yubikey was a Yubikey with an AES key put into it by MtGox.  Actually, that's two AES keys - one for the short press (logging in), and one for the long press (withdrawing funds).

AES is a symmetric algorithm - in this case, I understand this to mean that MtGox and the key know the same secret number.

That said, I don't understand how can a third party make use of a MtGox Yubikey without knowing that number?
I believe that you can validate against a given authentication server without needing to know the secret.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1617
Merit: 1012



View Profile
June 27, 2012, 10:13:20 PM
 #22

My understanding was that a MtGox Yubikey was a Yubikey with an AES key put into it by MtGox.  Actually, that's two AES keys - one for the short press (logging in), and one for the long press (withdrawing funds).

AES is a symmetric algorithm - in this case, I understand this to mean that MtGox and the key know the same secret number.

That said, I don't understand how can a third party make use of a MtGox Yubikey without knowing that number?
I believe that you can validate against a given authentication server without needing to know the secret.
Yes. The same way that you can authenticate a generic Yubikey against the YubiCloud without knowing the private key that is pre-programmed in the 1st slot, you should be able to authenticate a Mt.Gox Yubikey if you have been given access to their authentication server.
P_Shep
Legendary
*
Offline Offline

Activity: 1795
Merit: 1208


This is not OK.


View Profile
June 27, 2012, 10:54:56 PM
 #23

I got one too.... Dunno if I'll use it (eggs/basket etc), but it's free Smiley
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
June 27, 2012, 11:38:37 PM
 #24

Are we 100% sure this is from Mt.Gox and not a phishing expedition.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
June 27, 2012, 11:46:59 PM
 #25

Are we 100% sure this is from Mt.Gox and not a phishing expedition.

LoL....yes 100% sure.  I didn't click the link in the email, I went to my browser and typed in the address.  Logged in and gave my coupon code under buy a yubikey.
Thanks. Just in case I get such an offer. Cry   

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Seal
Donator
Hero Member
*
Offline Offline

Activity: 848
Merit: 1078


View Profile WWW
June 28, 2012, 07:07:48 AM
 #26

I got a free one from Gox too 2-3 months ago. They sent it straight from Japan in some cool Japanese envelopes with a crazy amount of tickboxes on it. (all the customs declarations)

DefiDive - Filter the noise
A clean crypto asset management terminal
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
June 29, 2012, 01:41:38 AM
 #27

I got a free one from Gox too 2-3 months ago. They sent it straight from Japan in some cool Japanese envelopes with a crazy amount of tickboxes on it. (all the customs declarations)
Grin I actually paid for mine, and I got 2 in the mail, one had someone else's name lol. Whoops.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
June 29, 2012, 09:55:30 PM
 #28

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Grouver (BtcBalance)
Hero Member
*****
Offline Offline

Activity: 530
Merit: 500



View Profile WWW
July 03, 2012, 11:16:48 AM
 #29

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/

rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 03, 2012, 01:01:27 PM
 #30

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Grouver (BtcBalance)
Hero Member
*****
Offline Offline

Activity: 530
Merit: 500



View Profile WWW
July 03, 2012, 01:28:49 PM
 #31

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.
Where can I find this driver? It's not on the homepage of yubico for instance.

rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 03, 2012, 01:39:07 PM
 #32

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.
Where can I find this driver? It's not on the homepage of yubico for instance.
It should install itself as a standard USB keyboard or HID device, there isn't a driver to download.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Grouver (BtcBalance)
Hero Member
*****
Offline Offline

Activity: 530
Merit: 500



View Profile WWW
July 03, 2012, 01:46:40 PM
 #33

Also arrived in Holland. Thanks Mtgox. Though, it's not working for some reason. It's not generating a OTP. =/
Make sure the USB keyboard driver gets installed when you plug it in. It might take a few seconds to be detected. You can play with it in an instance of a text editor such as notepad. A short press means hold for half a second, you can't just tap it real quick. A long press means hold it for 3.5 sec or so, but if you hold it too long it might not go.
Where can I find this driver? It's not on the homepage of yubico for instance.
It should install itself as a standard USB keyboard or HID device, there isn't a driver to download.
Thats weird, it's not doing anything when I connect it.
Tried multiple USB input ports.

Edit: nvm.. its working now. Weird.

World
Hero Member
*****
Offline Offline

Activity: 743
Merit: 500



View Profile
July 04, 2012, 09:55:44 AM
 #34

wow very fast delivery just 5 days
arrived today . Thanks Mtgox.

Supporting people with beautiful creative ideas. Bitcoin is because of the developers,exchanges,merchants,miners,investors,users,machines and blockchain technologies work together.
Justin00
Legendary
*
Offline Offline

Activity: 910
Merit: 1000


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
July 04, 2012, 11:50:16 AM
 #35

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

rate5
Member
**
Offline Offline

Activity: 104
Merit: 100



View Profile
July 04, 2012, 12:56:19 PM
 #36

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
July 04, 2012, 02:54:59 PM
 #37

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!

Good point. On a related note, how much ahead from the last used password does their server try going to match my input? If I use the otp once, log off, then generate a seqence of 15 OTPs offline, will gox keep going 16 times the next time I log in? Or does yubi broadcast a serial number with the OTP?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 04, 2012, 03:02:37 PM
 #38

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!

Good point. On a related note, how much ahead from the last used password does their server try going to match my input? If I use the otp once, log off, then generate a seqence of 15 OTPs offline, will gox keep going 16 times the next time I log in? Or does yubi broadcast a serial number with the OTP?
The Yubikey output contains the serial number, an OTP, an incrementing counter, and possibly some other things that I have forgotten. It is not time limited, so you could generate (say) 15 OTPs in a row from an offline computer, and record them on a bit of paper for later use, as long as they were used sequentially. This would work, but it would be tedious to type in every time.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
July 04, 2012, 05:39:04 PM
 #39

Does it actually protect you from key logger  ? Mine gets installed as HID device.. i would imagine key logger could see the output ? same as a keyboard ??

Alright, yubikey will protect my account in case a keylogger is running on my computer. Is that all? How about the security of gox android app?

The idea behind it is that each password it generates can only used one time.  Every time you press that button a new password is generated, and as long as the most recent one was used to log into Mt.Gox any old ones will be invalid.  Someone will need physical access to your yubikey to log into your account.

However if you like to play around with your new yubikey and watch it type random passwords in notepad, an attacker could use one of these passwords to log into your account.  Always make sure you log into your Mt.Gox account with the last password generated by your yubikey and do not generate any more yubikey passwords after you log in!

Good point. On a related note, how much ahead from the last used password does their server try going to match my input? If I use the otp once, log off, then generate a seqence of 15 OTPs offline, will gox keep going 16 times the next time I log in? Or does yubi broadcast a serial number with the OTP?
The Yubikey output contains the serial number, an OTP, an incrementing counter, and possibly some other things that I have forgotten. It is not time limited, so you could generate (say) 15 OTPs in a row from an offline computer, and record them on a bit of paper for later use, as long as they were used sequentially. This would work, but it would be tedious to type in every time.

Got it, the counter. Thanks.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 04, 2012, 05:44:36 PM
 #40

The Yubikey output contains the serial number, an OTP, an incrementing counter, and possibly some other things that I have forgotten. It is not time limited, so you could generate (say) 15 OTPs in a row from an offline computer, and record them on a bit of paper for later use, as long as they were used sequentially. This would work, but it would be tedious to type in every time.

Got it, the counter. Thanks.
The other thing is that you can skip OTPs if you want to, because of that counter. Therefore, you could generate a bunch of keys, but as soon as you used key #15 from the example above, all the previous ones would become invalid unless you had used them in sequence.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!