On Thu, 7 Oct 2010, Mike McGrath wrote: > My understanding on this is, and I reserve the right to misunderstand > this, is that once the AES key is on the yubikey, there is no way to get > it off of there. That key is just used to generate OTP's. So if an > attacker were to get an OTP they could use it to access fedora resources. > But only once (which is kind of the point of the otp). And they'd only be > able to use it once if the real user hadn't used it again making the > attack window smaller. That's right. And since fedora is not using the yubikey as an audit trail, this is fine - anyone with root could obtain anyone AES key and "clone" a yubikey and login as someone else. You might only see some people who know how yubikeys work decide on sticking to one device for multiple services which are not aware they are sharing the same AES key. But it is a clear distinction from say ssh public keys, where I can give everyone my public ssh key without needing to trust the remote party at all (provided I don't use ssh -A to their servers) Paul -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel