[clug] Yubikeys - group purchase?

Adam Thomas adam.lloyd at gmail.com
Wed Apr 29 05:07:50 GMT 2009

On Wed, Apr 29, 2009 at 02:36:44PM +1000, Robert Edwards wrote:
> Miles Goodhew wrote:
>> Hola!,
>>     <disclaimer>
>>     This email solicits money from people for tangible goods. I will 
>> not make a profit from the transaction, I just want to help out other  
>> CLUGgers reduce costs while getting learning aids/geek toys. I also 
>> have no financial interest in the manufacturer, Yubico. If this premise 
>> is not to your taste, please stop reading now.
>>     </itsnotspamitsham>
>>     You may remember Bob Edwards and Mike Carden banging-on about  
>> Yubikeys (http://www.yubico.com/) earlier this month.
>>     I had never heard of them before then, but really like the concept  
>> and implementation. So I want to get one or two keys to test-out for  
>> work purposes and was wondering if anybody else wanted to pitch-in on a 
>> group order. Keys are normally US$25, but drop to US$20 in 10's, US$15  
>> in 100's, etc. Plus the freight cost of US$15 is split (for orders 
>> up-to 500 keys).
>>     How they'd get distributed is another thing as I'm in Sydney most 
>> of the week (It's a satellite suburb to the North of Canberra you may 
>> not have heard of), I'm happy to organise an order and forward-on the  
>> remainder to someone who _would_ be at a CLUG meeting for  
>> redistribution. Alternatively someone might want to do the complement  
>> and organise the order/distribution themselves and I can make other  
>> arrangements to get my keys.
>>     Any interest or volunteering?
>> THX 1138,
>> M0les.
> Speaking of which, mine just arrived (about 3 weeks after ordering
> them). I got 10, but they all belong to the ANU, who would find it
> very difficult to "on-sell". Initial testing reveals that at least
> two of them work as expected...
> I also have an outstanding query with Yubico about solutions for
> PDAs, in particular iPhones and Symbian OS based devices (like my
> Nokia E71). Two possibilities come to mind:
>  - some sort of applet/widget that implements the Yubikey protocol
> 	(open source) in software and just requires some sort of
> 	PIN to unlock

Wouldn't this defeat the purpose of having the physical token? You
would just be going back to single-factor auth (something you know).

You'd also need to store the secret key on the PDA; if an attacker got
access to the PDA they could get the secret key, which would make the
token associated with that key insecure.

>  - a bluetooth Yubikey that looks like a bluetooth keyboard and
> 	(hopefully) allows multiplexing with whatever other keyboard
> 	widget or device the PDA is currently using

This would be a much better option. Perhaps Yubico could offer a
bluetooth keyboard with the token generator built in if it's not
possible to do multiplexing.

> Anyone aware of any extant solutions for such scenarios?
> Cheers,
> Bob Edwards.
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
