YubiKey

Discussion in 'privacy general' started by snowdrift, May 14, 2009.

Thread Status:
Not open for further replies.
  1. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I remember reading about the YubiKey some time ago and had forgotten about it. Thanks for the post! If we try it, we don't have a lot to lose at $25. It doesn't seem to have a lot of sites for use, but the TrueCrypt capability could be worth the price on its own. Love the OTP. Here's a good article from Tech Republic:
    http://blogs.techrepublic.com.com/security/?p=899

    Thanks again!
     
  3. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    I admit I am too lazy to go search how you can use a YubbiKey with Truecrypt... will you tell me about it? :)

    Also, if you are going to use it mainly for TrueCrpyt, I advice the use of a token such the Aladdin eToken. It might be not unbreakable (although I don't know of any attack able to extract keys from it without knowing the password), but surely qutie secure.
     
  4. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    There are plenty of good videos on YouTube on how to use the YubiKey as well as their site at yubico.com.

    I am not pushing the product... but am grappling with needing a physical device beyond what I use. That could just end up being a pain.

    I guess it's a balance. My TC passphrase is:

    Length: 36
    Strength: Strong - This password is typically good enough to safely guard sensitive information like financial records.
    Entropy: 111.6 bits
    Charset Size: 93 characters

    so I end up asking myself... how much more is needed?
     
  5. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Your password is not crackable, but it might get stolen, unless you use it only in an environment totally secure under the physical point of view (I am not considering using it on a compromised machine, although it might be considered as well). The use of a physical device protects you against a different vector of attacks.
    When starting to use a token, is not when you are supposed to make your password less secure.
     
  6. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    The other thing... it's cute as hell.
     
    Last edited: May 15, 2009
  7. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Well, I ordered a YubiKey today. I will let you know how I like it once I get it.
     
Thread Status:
Not open for further replies.