[clug] Yubikeys - group purchase?

Robert Edwards bob at cs.anu.edu.au
Wed Apr 29 05:52:33 GMT 2009

Adam Thomas wrote:
> On Wed, Apr 29, 2009 at 02:36:44PM +1000, Robert Edwards wrote:
>> I also have an outstanding query with Yubico about solutions for
>> PDAs, in particular iPhones and Symbian OS based devices (like my
>> Nokia E71). Two possibilities come to mind:
>>  - some sort of applet/widget that implements the Yubikey protocol
>> 	(open source) in software and just requires some sort of
>> 	PIN to unlock
> Wouldn't this defeat the purpose of having the physical token? You
> would just be going back to single factor auth (something you know)
> You'd also need to store the secret key on the PDA, if an attacker got
> access to the PDA they could get the secret key which would make the
> token associated with that key insecure.

I was thinking of something like encrypting the secret key with a PIN.
So the attacker would need physical access to the phone/PDA (generally
well guarded by most users) and to know the PIN to unlock the secret
key. If the phone/PDA is lost, it is little different than a Yubikey
being lost - it would need to be disabled at the authentication


Bob Edwards.

More information about the linux mailing list