Can I use my own Yubikey on Mt Gox? | Bitcointalksearch.org

AmDD

legendary

Activity: 1027

Merit: 1005

Quote from: Inaba on October 13, 2012, 09:54:13 AM

It's Mt.Gox themselves that is the crock of shit here, not Yubikey. Gox decided to run their own AES256 server instead of using Yubikeys, so they have a unique signature that makes using their keys impossible elsewhere for the most part. That said, given the history of the security practices at Mt.Gox, I would trust Yubikey far more to keep the Yubikey servers uncompromised than I would ever trust Mt.Gox to properly run an encryption server... but it is what it is.

I agree, i wasnt upset with Yubikey but rather Gox for not being clear about having to buy one from them and for not using their servers.

Inaba

legendary

Activity: 1260

Merit: 1000

It's Mt.Gox themselves that is the crock of shit here, not Yubikey. Gox decided to run their own AES256 server instead of using Yubikeys, so they have a unique signature that makes using their keys impossible elsewhere for the most part. That said, given the history of the security practices at Mt.Gox, I would trust Yubikey far more to keep the Yubikey servers uncompromised than I would ever trust Mt.Gox to properly run an encryption server... but it is what it is.

Carlton Banks

legendary

Activity: 3430

Merit: 3074

Perhaps the key is supplied in the instructions, or the instructions tell you how to access the key. If you can come up with a secure way of supplying the key to a third party, then you've got no problems using it with the services of said third party. Gox themselves sell Yubikeys directly to customers themselves, which should go a long way to making the key pretty secure.

AmDD

legendary

Activity: 1027

Merit: 1005

Quote from: Carlton Banks on October 13, 2012, 03:50:58 AM

Quote from: AmDD on October 12, 2012, 07:20:07 PM

Seriously? What a crock of shit!

I understand what you're saying, but not quite.

The Yubikey has an internal key that Gox needs to know before it can identify your Yubikey as being definitively yours (a cryptographic signature is generated using the internal key). And so, I'm afraid you got what you paid for (you just didn't know what you were paying for)

Does anyone know if OP could send the Yubikey to Gox, and Gox then extract a copy of the internal key? (sounds like a potentially dangerous thing to do. If Gox can scan the internal key, then I bet a postal worker that knows what the Mt Gox address looks like could equally extract the key).

I understand what your saying but based on that there should be no place at all, other than www.yubikey.com, that they will work. And if that's the case, what's the point?

Carlton Banks

legendary

Activity: 3430

Merit: 3074

Quote from: AmDD on October 12, 2012, 07:20:07 PM

Seriously? What a crock of shit!

I understand what you're saying, but not quite.

The Yubikey has an internal key that Gox needs to know before it can identify your Yubikey as being definitively yours (a cryptographic signature is generated using the internal key). And so, I'm afraid you got what you paid for (you just didn't know what you were paying for)

Does anyone know if OP could send the Yubikey to Gox, and Gox then extract a copy of the internal key? (sounds like a potentially dangerous thing to do. If Gox can scan the internal key, then I bet a postal worker that knows what the Mt Gox address looks like could equally extract the key).

AmDD

legendary

Activity: 1027

Merit: 1005

Seriously? What a crock of shit!

Inaba

legendary

Activity: 1260

Merit: 1000

Nope.

Nope you can't use it.
Nope you aren't missing anything.

AmDD

legendary

Activity: 1027

Merit: 1005

I just bought a Yubikey from www.yubikey.com and tried to add it to my Mt Gox account but I cant seem to figure out how. It looks like they want you to buy a key from them... Am I missing something?

Topic: Can I use my own Yubikey on Mt Gox? (Read 1044 times)