[clug] Yubikeys - group purchase (linux Digest, Vol 76, Issue 46, message 1)

Miles Goodhew mgoodhew at gmail.com
Wed Apr 29 11:34:51 GMT 2009


> Date: Wed, 29 Apr 2009 15:07:50 +1000
> From: Adam Thomas <adam.lloyd at gmail.com>
> Message-ID: <20090429050750.GA20734 at serenity.borg>
>
> On Wed, Apr 29, 2009 at 02:36:44PM +1000, Robert Edwards wrote:
>> I also have an outstanding query with Yubico about solutions for
>> PDAs, in particular iPhones and Symbian OS based devices (like my
>> Nokia E71). Two possibilities come to mind:
>>  - some sort of applet/widget that implements the Yubikey protocol
>>       (open source) in software and just requires some sort of
>>       PIN to unlock
>
> Wouldn't this defeat the purpose of having the physical token? You
> would just be going back to single factor auth (something you know)
>
> You'd also need to store the secret key on the PDA, if an attacker got
> access to the PDA they could get the secret key which would make the
> token associated with that key insecure.

  Yeah, one of the attractions of the USB Yubikey is that it should be
reasonably tamper-resistant, but the relative complexity and
network-connectivity (and hence insecurity) of a mobile phone OS would
mean someone might be able to steal your secret (key/random) more
easily.
  It should be significantly harder to clone a Yubikey.

>>  - a bluetooth Yubikey that looks like a bluetooth keyboard and
>>       (hopefully) allows multiplexing with whatever other keyboard
>>       widget or device the PDA is currently using
>
> This would be a much better option. Perhaps Yubico could offer a
> bluetooth keyboard with the token generator built in if it's not
> possible to do multiplexing.

  Hm, I imagined one of the goals was to have something easily
transportable on your person (like an actual key). I don't fancy the
thought of having to carry around a full keyboard with me to prove who
I was - especially one that's big/good enough to be usable.
  The "single button" bluetooth KB has the pairing/connection issues I
mentioned in another email (again, depends on the specifics of the
system in question, I suppose).

M0les.

-- 
Miles Goodhew,
Computer Scientist

