Paul Wouters p...@xelerance.com writes:
On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:
On 10/07/2010 10:58 PM, Paul Wouters wrote:
One usage of yubikey I would like very much is as storage for the AES
encryption key for disk encryption. I'd prefer the disk crypto key to
not be on the disk
Maxim Burgerhout ma...@wzzrd.com writes:
Hi,
I am the maintainer for ykpers and libyubikey for Fedora. It's great
to see Fedora starting to use these nifty devices!
If there is anything I can do to help out and make the use of
Yubikey's in the Fedora project into a success, just holler.
On Fri, Oct 8, 2010 at 16:57, Matthew Miller mat...@mattdm.org wrote:
On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote:
If there is anything I can do to help out and make the use of
Yubikey's in the Fedora project into a success, just holler. It might
Fixing the pam module to
On Fri, Oct 08, 2010 at 12:07:34AM -0400, Matthew Miller wrote:
On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
The newer yubikey hardware has provision for two AES keys but I'm not sure
how that works and whether it actually allows you to use separate keys with
separate
Hi,
I am the maintainer for ykpers and libyubikey for Fedora. It's great
to see Fedora starting to use these nifty devices!
If there is anything I can do to help out and make the use of
Yubikey's in the Fedora project into a success, just holler. It might
be interesting to add a README.Fedora to
On Fri, 8 Oct 2010, Maxim Burgerhout wrote:
Hi,
I am the maintainer for ykpers and libyubikey for Fedora. It's great
to see Fedora starting to use these nifty devices!
If there is anything I can do to help out and make the use of
Yubikey's in the Fedora project into a success, just holler.
On Friday, October 08, 2010 12:06:58 am Paul Wouters wrote:
On Thu, 7 Oct 2010, Mike McGrath wrote:
My understanding on this is, and I reserve the right to misunderstand
this, is that once the AES key is on the yubikey, there is no way to get
it off of there. That key is just used to
On Fri, 8 Oct 2010, Dennis Gilmore wrote:
Even if you use your yubikey with yubicos servers. and auth against multiple
different providers your AES key is never exposed to to any of the places that
you auth to.
That is correct if different service providers auth the OTP against
yubicos
On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote:
If there is anything I can do to help out and make the use of
Yubikey's in the Fedora project into a success, just holler. It might
Fixing the pam module to not crash might be good. :)
Have you considerd packaging up the
On 2010-10-08 10:57:16 AM, Matthew Miller wrote:
On Fri, Oct 08, 2010 at 11:47:43AM +0200, Maxim Burgerhout wrote:
If there is anything I can do to help out and make the use of
Yubikey's in the Fedora project into a success, just holler. It might
Fixing the pam module to not crash might be
On Fri, Oct 8, 2010 at 08:48, Paul Wouters p...@xelerance.com wrote:
On Fri, 8 Oct 2010, Dennis Gilmore wrote:
It sounds like you do not fully understand how the yubikeys work. either that
or i dont understand the attack you are describing?
It all comes down to this being based on symmetric
On 10/07/2010 10:58 PM, Paul Wouters wrote:
One usage of yubikey I would like very much is as storage for the AES
encryption key for disk encryption. I'd prefer the disk crypto key to
not be on the disk at all, protected by just a passphrase. It would be
nice to have it on a yubikey instead.
On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:
On 10/07/2010 10:58 PM, Paul Wouters wrote:
One usage of yubikey I would like very much is as storage for the AES
encryption key for disk encryption. I'd prefer the disk crypto key to
not be on the disk at all, protected by just a passphrase. It
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/8/10 2:48 PM, Paul Wouters wrote:
On Fri, 8 Oct 2010, Nathanael D. Noblet wrote:
On 10/07/2010 10:58 PM, Paul Wouters wrote:
One usage of yubikey I would like very much is as storage for the AES
encryption key for disk encryption. I'd
On Fri, 8 Oct 2010, Jesse Keating wrote:
Note that yubikeys are not (yet) usable for this. You cannot request the
AES key from it (AFAIK), only an OTP. And the OTP can also not be used to
unlock
an AES key on the harddisk because it is different for each activation.
Can't you use one of
The Fedora Infrastructure team is happy to announce support for the
hardware key authentication device, the yubikey. Users will be able to
use their own yubikeys to access some Fedora services, like
fedorapeople.org or some web services.
Why have we done this? The main purpose was to provide
On Thu, Oct 07, 2010 at 12:04:49 -0500,
Mike McGrath mmcgr...@redhat.com wrote:
We also decided to allow yubikeys as an authentication option for the
larger community to some hosts and services like fedorapeople.org or
https://admin.fedoraproject.org/community/. When asked for a password,
On Thu, 7 Oct 2010, Bruno Wolff III wrote:
On Thu, Oct 07, 2010 at 12:04:49 -0500,
Mike McGrath mmcgr...@redhat.com wrote:
We also decided to allow yubikeys as an authentication option for the
larger community to some hosts and services like fedorapeople.org or
On Thu, 7 Oct 2010, Mike McGrath wrote:
We also decided to allow yubikeys as an authentication option for the
larger community to some hosts and services like fedorapeople.org or
https://admin.fedoraproject.org/community/. When asked for a password,
just use your yubikey to generate a otp
On Thu, Oct 07, 2010 at 12:04:49PM -0500, Mike McGrath wrote:
Implementation work continues to be discussed and put in please but please
direct any questions or comments to #fedora-admin on irc.freenode.net or
the Infrastructure mailing list -
Hello, synchronicity! I was just looking at this
I'm not a security expert but I understood that the usual way to use
these keys was to have one server that the key authenticates with, and
further sites would be accessible through openID or similar - so the
authentication is always with one server.
Using the same device with mutliple servers is
On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters p...@xelerance.com wrote:
I have one and I've played with it in fedora. There is however an important
catch. The server and the yubikey share the same AES symmetric key. This means
that if the yubikey is used for multiple sites by one user, that user
On 10/7/2010 12:04, Mike McGrath wrote:
http://fedoraproject.org/wiki/Infrastruture/Yubikey
^^
Typo alert! ;)
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On Thu, 7 Oct 2010, Mike McLean wrote:
I guess in a way it is like using the same password, but people might not be
thinking of that when they have a device on them that they use.
Wow, that's a serious weakness. Are we sure about this?
On Thu, 7 Oct 2010, Paul Wouters wrote:
On Thu, 7 Oct 2010, Mike McGrath wrote:
We also decided to allow yubikeys as an authentication option for the
larger community to some hosts and services like fedorapeople.org or
https://admin.fedoraproject.org/community/. When asked for a
On 2010-10-07 07:25:47 PM, Mike McLean wrote:
On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters p...@xelerance.com wrote:
I have one and I've played with it in fedora. There is however an important
catch. The server and the yubikey share the same AES symmetric key. This
means
that if the
On Thu, 7 Oct 2010, Ricky Zhou wrote:
On 2010-10-07 07:25:47 PM, Mike McLean wrote:
On Thu, Oct 7, 2010 at 5:51 PM, Paul Wouters p...@xelerance.com wrote:
I have one and I've played with it in fedora. There is however an
important
catch. The server and the yubikey share the same AES
On Thu, Oct 07, 2010 at 08:54:12PM -0400, Paul Wouters wrote:
I have one and I've played with it in fedora. There is however an important
catch. The server and the yubikey share the same AES symmetric key. This means
that if the yubikey is used for multiple sites by one user, that user is
On Thu, Oct 07, 2010 at 11:30:43PM -0400, Toshio Kuratomi wrote:
The newer yubikey hardware has provision for two AES keys but I'm not sure
how that works and whether it actually allows you to use separate keys with
separate servers. Someone will need to look into this.
Yes, separate keys --
The Fedora Infrastructure team is happy to announce support for the
hardware key authentication device, the yubikey. Users will be able to
use their own yubikeys to access some Fedora services, like
fedorapeople.org or some web services.
Why have we done this? The main purpose was to provide
30 matches
Mail list logo