[lug] GitHub+Yubico, FIDO U2F token discount

Quentin Hartman qhartman at gmail.com
Mon Oct 5 12:26:15 MDT 2015


This might be what you are looking for:
https://fidoalliance.org/specifications/overview/

On Mon, Oct 5, 2015 at 12:03 PM, Davide Del Vento <
davide.del.vento at gmail.com> wrote:

> Hey Rich,
>
> The special github yubikeys are totally sold out, but there is 20% off
> any regular yubikey. I'm familiar with the yubikey OTP, but I'm not
> with this FIDO U2F. At first it sounded to me like it is just a really
> long, second password that you don't have to type (like the OTP is the
> first, equally long password, that you don't have to type and second,
> it changes every time). But then it says something like "it performs
> cryptographic functions triggered by a simple touch of the key [...]
> required for login", which sounded OTP-like but based on an input
> instead of an implicit sequence count. I could not find any decent
> documentation about this, do you have any recommended readings? For
> example, how is this input sent to the yubikey? What is it really
> about? How can it be that "you have an unlimited number of U2F
> credentials on these YubiKeys that support the U2F protocol" as the
> FAQ says?
>
> Thanks,
> Davide
>
> On Sun, Oct 4, 2015 at 12:17 PM, Richard Johnson <rdump at river.com> wrote:
> > If you participate in open source projects that use GitHub, or you're even a
> > bit of a crypto geek, this is a cool opportunity for an inexpensive but
> > quite durable [1] hardware 2nd factor.
> >
> >   https://www.yubico.com/github-special-offer/
> >
> >
> >   http://www.wired.com/2015/10/github-moves-past-password-make-open-source-secure/
> >
> > GitHub has announced they're supporting FIDO U2F as a 2nd factor on logins
> > to their web service. It's working now via recent versions of
> > Chromium/Chrome only, but Mozilla has an open feature issue for adding
> > support.
> >
> > Even better, they have a serious discount ($5+$5 shipping) on Yubico's
> > otherwise $18 FIDO U2F-only USB tokens (complete with OctoCat logo so you
> > can tell them apart ;) ). They'll be usable on GitHub and increasingly
> > widely beyond.
> >
> > While I'm still wanting a fully open source s/w + h/w implementation of FIDO
> > U2F on a secure base (Nitrokey, eventually?), this will do for now. $5 is in
> > "might as well get some to experiment with" range for me.
> >
> >
> > Rich
> >
> > -------
> > [1] I once found a lost basic Yubikey after it had spent 3 weeks freezing
> > every night in a puddle of muddy snowmelt. It still works fine. These Yubico
> > FIDO U2F models have the same construction.
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety