Topic: Is it safe to login MtGox on a compromised computer using YubiKey?
finway (OP)
January 06, 2012, 05:23:35 AM
 #1

I mean, can yubikey be copied?
blockchain.info can make use of a MtGox yubikey, so I guess?

theymos
January 06, 2012, 05:29:07 AM
 #2

The Yubikey output can't be reused, but malware can withdraw everything once you've logged in.

Edit: Actually, another Yubikey press is required for withdrawal, so you'd have to be withdrawing for the malware to steal your money.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Maged
January 06, 2012, 05:47:54 AM
 #3

Quote from: finway
blockchain.info can make use of a MtGox yubikey, so I guess?

I'm honestly confused about how they do that.

casascius
January 06, 2012, 05:49:33 AM
 #4

Quote from: theymos
The Yubikey output can't be reused, but malware can withdraw everything once you've logged in.

Edit: Actually, another Yubikey press is required for withdrawal, so you'd have to be withdrawing for the malware to steal your money.

Further, withdrawal requires a different YubiKey press.  YubiKey has two keys in it, one used when you briefly press the button, the other used when you hold it down.  The long press is needed for withdrawals.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
finway (OP)
January 06, 2012, 06:30:00 AM
 #5

So logging in needs one short press, and withdrawing needs one long press.

But can yubikey be copied?  Software way or Hardware way?


Quote
The YubiKey provides strong two-factor authentication, combining something you know (a password) with something you have (a YubiKey). It protects your online identity from viruses, Trojans and hackers at a security level that can be compared with a smart card. To guarantee a secure life-cycle, the YubiKey is manufactured in Sweden with best practice security processes.

And I am curious about how piuk makes use of a MtGox yubikey too.

casascius
January 06, 2012, 06:31:47 AM
 #6


Quote from: finway
But can yubikey be copied?  Software way or Hardware way?

Yubikey can't be copied.  Computer thinks it is a keyboard, not a USB stick.  It types a password on your computer when you press its button.

Yubikey uses one shared AES key for each of the two modes.  The Yubikey knows it, so does MtGox.  The keys cannot be read from the Yubikey, but it can be overwritten with new keys with special software.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
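
The scheme described in the post above (one AES key shared by token and server, output that cannot be reused), as an added Go example that is not part of the thread and not YubiKey or MtGox code. The block layout is simplified, and the names `Press` and `Verify` and the key and ID values are assumptions constructed for the example.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// Press simulates one button press: ID and counters encrypted under the shared
// AES-128 key. Layout is simplified: bytes 0-5 ID, 6-7 and 11 counters, rest zero.
func Press(key, uid []byte, useCtr uint16, sessCtr byte) []byte {
	p := make([]byte, 16)
	copy(p, uid)
	binary.LittleEndian.PutUint16(p[6:], useCtr)
	p[11] = sessCtr
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	c.Encrypt(p, p)
	return p
}

// Verify is the server side: decrypt with the same key, check the private ID,
// then accept only a counter strictly above the last one accepted (*last).
func Verify(key, uid []byte, last *uint32, otp []byte) error {
	c, err := aes.NewCipher(key)
	if err != nil || len(otp) != 16 {
		return fmt.Errorf("malformed key or OTP")
	}
	p := make([]byte, 16)
	c.Decrypt(p, otp)
	if string(p[:6]) != string(uid) || len(uid) != 6 {
		return fmt.Errorf("invalid OTP: wrong key or ID")
	}
	n := uint32(binary.LittleEndian.Uint16(p[6:]))<<8 | uint32(p[11])
	if n <= *last {
		return fmt.Errorf("replayed OTP: counter %d not above %d", n, *last)
	}
	*last = n
	return nil
}

func main() {
	key, uid := []byte("constructed-key!"), []byte("tok-01") // constructed sample values
	var last uint32
	otp := Press(key, uid, 1, 0)
	fmt.Println(Verify(key, uid, &last, otp), "|", Verify(key, uid, &last, otp))
}
```

A keylogger that captures the typed output gains nothing it can submit later, because the server has already advanced past that counter; it does not stop anything done inside the session that the valid press opened.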
finway (OP)
January 06, 2012, 06:37:48 AM
 #7


Quote from: casascius
Quote from: finway
But can yubikey be copied?  Software way or Hardware way?

Yubikey can't be copied.  Computer thinks it is a keyboard, not a USB stick.  It types a password on your computer when you press its button.

Yubikey uses one shared AES key for each of the two modes.  The Yubikey knows it, so does MtGox.  The keys cannot be read from the Yubikey, but it can be overwritten with new keys with special software.

That's neat. Thank you for your elaboration.

deepceleron
January 06, 2012, 06:40:45 AM
 #8

Go ahead and type in your password; compromised can mean key logger and screen shots, your wallet file sent to another computer, along with your bookmarks and address book. Hope you didn't use your password anywhere else, or have any btc in your wallet. Yubikey protects against a stolen Mtgox user/pass being able to log into MtGox without the physical fob code, but it doesn't prevent anything else a hacker might want to do.
finway (OP)
January 06, 2012, 06:50:46 AM
 #9

Quote from: deepceleron
Go ahead and type in your password; compromised can mean key logger and screen shots, your wallet file sent to another computer, along with your bookmarks and address book. Hope you didn't use your password anywhere else, or have any btc in your wallet. Yubikey protects against a stolen Mtgox user/pass being able to log into MtGox without the physical fob code, but it doesn't prevent anything else a hacker might want to do.

Thank you, I'm not hacked. Just want to figure out the question.
