[lug] Yubikey
Kevin Fenzi
kevin at scrye.com
Wed Oct 13 11:49:57 MDT 2010
On Wed, 13 Oct 2010 11:38:33 -0600
Nate Duehr <nate at natetech.com> wrote:
> On 10/13/2010 8:34 AM, Davide Del Vento wrote:
> >> Anybody care to comment on this? Some fedora projects are adding
> >> support for it.
> >>
> >> http://yubico.com/products/yubikey/
I've got one on order. ;) Should be a fun toy.
...snip...
> > In conclusion, I'm pretty happy with the yubi.
>
> Seems like it would work pretty well. They're careful not to list
> pricing on their website, as best as I could tell.
https://store.yubico.com//
If you just want one to play with there's a discount from the
securitynow podcast:
http://forum.wegotserved.com/index.php/topic/9310-discount-on-yubikey-via-securitynow-podcast/
...snip...
> My Lenovo laptop has a fingerprint reader, but it's been proven to be
> weak sauce and easily tricked via various methods.
well, I have heard a number of people claim this based on things like
the mythbusters finger imprint stuff and the like. The problem is that
the fingerprint readers on laptops are a swipe type, not a press flat
type, and many of those attacks do not work or apply there.
Not that I am saying that they are super secure, just that they are not
really subject to the latex/gel attacks. ;)
> :-)
>
> Fun discussion.
Agreed.
> Kinda silly overall, though... basically the move from passwords to
> keys just means that the bad guys have to get ahold of the key, and
> the easiest way to do that... is to get ahold of YOU. A gun to your
> head, you'll hand over the key AND the PIN... and if it had
> biometrics, swipe your finger (or they'd cut it off and use it
> anyway)...
Sure, but they can do that now if they want? Nothing new.
> So... not sure what real security these provide. Instead of the bad
> guys being script kiddies banging on multiple passwords and
> usernames, now the bad guys just have to throw you in the back of a
> van and they have everything they need. Not sure that's really
> "security", but it is good security theater and it appeals to geeks
> and geek bosses who think the key fob is "cool".
It requires them to be physically there... not over the net.
The idea is that if the cost is just breaking a password over the net,
someone might break in. If it requires them to go to your house they
won't bother. ;)
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20101013/ea4d44c4/attachment.pgp>
More information about the LUG
mailing list