Comments on: Yubikey and OpenID http://www.superbob.com/2008/05/24/yubikey-and-openid/ the pundit. Mon, 19 Jul 2010 05:38:11 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: bob http://www.superbob.com/2008/05/24/yubikey-and-openid/comment-page-1/#comment-128 bob Wed, 28 May 2008 02:11:06 +0000 http://www.superbob.com/?p=46#comment-128 That's a good point. I was thinking more for use on my personal computers, but it would certainly be useful to have this on public machines. The way the key is constructed, it looks like you need a USB port. I have been considering, if the specifications are open enough, whether or not this could be simulated in software. I don't know if this goes against the spirit of what they are trying to do. How are OTP vulnerable to MITM attacks? I thought that was the whole point because replaying the password wouldn't help. The server would be looking for a new password the next time you had to log in. That’s a good point. I was thinking more for use on my personal computers, but it would certainly be useful to have this on public machines. The way the key is constructed, it looks like you need a USB port. I have been considering, if the specifications are open enough, whether or not this could be simulated in software. I don’t know if this goes against the spirit of what they are trying to do. How are OTP vulnerable to MITM attacks? I thought that was the whole point because replaying the password wouldn’t help. The server would be looking for a new password the next time you had to log in.

]]> By: virkam http://www.superbob.com/2008/05/24/yubikey-and-openid/comment-page-1/#comment-127 virkam Mon, 26 May 2008 01:35:38 +0000 http://www.superbob.com/?p=46#comment-127 hi, vert interesting product. only one question is - public PCs where u will not have usb prot available? then how does the product work. Or it is limited to machines having usb port. secondly, OTP are bypassed by attacks like MITM and MTIB. So does this product also have some hidden protect from these forms of attacks. it is good they are letting the product be open for other vendors to integrate or develop using their products. cheers hi,

vert interesting product. only one question is – public PCs where u will not have usb prot available? then how does the product work. Or it is limited to machines having usb port.

secondly, OTP are bypassed by attacks like MITM and MTIB. So does this product also have some hidden protect from these forms of attacks.

it is good they are letting the product be open for other vendors to integrate or develop using their products.

cheers

]]>