
Topic: Yubikey and Bitcoin Security (Read 2117 times)

full member
Activity: 140
Merit: 100
November 29, 2013, 11:58:09 AM
#2
1. Correct, you cannot use OTP to encrypt a wallet.
2. Yes
5. They provide software for companies to use as an authentication module, so they can allow clients to use OTP authentication.
7. You can use 1 Yubikey for several websites or services.

Take a look at this blog for a good writeup on the pros and cons of static keys vs. OTP:

http://blog.rootshell.be/2009/03/15/yubikey-one-time-password-vs-static-password/

hero member
Activity: 812
Merit: 502
November 28, 2013, 10:00:30 PM
#1
I've been looking for ways to make Bitcoin and Bitcoin-related services that I use more secure and have found Yubikey (the generic one and not the MTGox one). But after some research a few things are still unclear to me:

1 - The Yubikey can only be used in Static Password mode for encrypting the Bitcoin wallet. Correct?
2 - How secure is using the Yubikey in Static Password mode? Can a software keylogger record the password being sent from the Yubikey to the Bitcoin-QT application?
3 - What is the difference between OATH-HOTP and OTP mode in easy to understand terms?
4 - Which mode of the Yubikey corresponds to Google Authenticator on Android?
5 - I read that Yubikey uses an authentication server. So how does that work exactly? Does it do some online check every time I press the button?
6 - How secure do you think it is in general? Is it a good layer of security for any online services (exchanges, online wallets, etc.)?
7 - Can I use 1 Yubikey for more than 1 service/website or is this a security flaw?


Thanks to anyone who can answer any of my questions