Author

Topic: How to use existing Yubikey with mt Gox (Read 1173 times)

member
Activity: 77
Merit: 10
December 11, 2012, 06:51:34 PM
#8

Thanks for the quick replies!

 Smiley
hero member
Activity: 882
Merit: 1006
December 11, 2012, 06:37:23 PM
#7
This leads me to think:

If I bought a Yubikey for Mt Gox (first) could I then also use it later with a Blockchain.info wallet?



Yes, but a cat with a straw in its mouth would do a better job at protecting your wallet. If your yubikey is keylogged, it can actually be re-used by an attacker due to the way BC.info decided to support Yubikeys (the wrong way).
legendary
Activity: 1372
Merit: 1008
1davout
December 11, 2012, 05:42:40 PM
#6
That's their policy.  there is no technical reason why, except they want to make a few extra bucks off the process, I guess.
Their technical reason is that they are the only ones keeping a copy of the AES key that's in the yubikey, regular yubikeys need the OTPs to be validated against yubico's service who keeps a copy of the AES key. I don't think it makes much sense but that's the technical reason they advertise.
legendary
Activity: 1372
Merit: 1008
1davout
December 11, 2012, 05:40:02 PM
#5
This leads me to think:

If I bought a Yubikey for Mt Gox could I then also use it with a Blockchain.info wallet?
nope, well yes, but that's just because blockchain.info doesn't do the right thing and only checks the key id without actually validating the OTP meaning its vulnerable to replay attacks. boo
member
Activity: 77
Merit: 10
December 11, 2012, 05:29:20 PM
#4
This leads me to think:

If I bought a Yubikey for Mt Gox (first) could I then also use it later with a Blockchain.info wallet?

mjc
hero member
Activity: 588
Merit: 500
Available on Kindle
December 11, 2012, 04:52:52 PM
#3
No you cannot use an existing YubiKey with Mt Gox.  I thought the same.  You have to order a YubiKey from them for their site.

That's their policy.  there is no technical reason why, except they want to make a few extra bucks off the process, I guess.

They program to OTP into the key.  The first profile is for log in on to their system, the second profile is used for transferring money from your account.

While it is a pain, it is advisable to go ahead and get one.  When I did, I got the one that was branded with the Mt Gox logo.  Makes it easier to manage.

Hope that helps.

legendary
Activity: 2506
Merit: 1010
December 11, 2012, 02:35:48 AM
#2
I do not want to use google authenticator, and I don't want to have to buy Mt. Gox's yubi key.  

I believe you program the Yubikey OTP with the secret from Mt. Gox, just like you would configure Google Authenticator.
  - http://www.yubico.com/products/services-software/personalization-tools/yubikey-otp/
member
Activity: 61
Merit: 10
December 10, 2012, 07:36:12 PM
#1
Hi Everyone,

I already use a Yubikey that I bought in order to have a 2 factor with lastpass and blockchain.info.  Is there a way to use the same key with Mt Gox? 

When I get to the "Add new software Authentication System" I get a "standard private key' and a "secure private key" and a blank field called "code".  Do I need to use the Yubikey personalization software to generate the code?

I do not want to use google authenticator, and I don't want to have to buy Mt. Gox's yubi key. 

Thanks
Jump to: