[Linux-aus] Yubikeys

Russell Coker russell+linux-aus at coker.com.au
Thu May 6 16:06:04 EST 2010


http://etbe.coker.com.au/2010/03/15/yubikey/

Yubico have offered a 20% educational discount rate for the purchase of 
Yubikeys (as described in my above blog post) to "your club".  I think it would 
be best to arrange a purchase for all LUGs in Australia (I guess that LA can 
be my "club").  This would involve one person from each state taking orders, 
collecting money, and having a single address where the keys can be posted.  
Delivering the keys to the owners at a LUG meeting would be best for keeping 
the cost down - posting a single key interstate would probably increase the 
price by 10% or more.

In a brief summary of what the Yubikey does, it is an authentication token 
that looks like a USB keyboard and provides a one-time password when a button 
is pressed.  Among other things, using such a device makes it significantly 
more difficult for a trojan to crack your account when you use an Internet 
Cafe.

Yubikeys ship with a secret that supports authentication via the Yubico 
server, which incidentally is what I'm using for admin access to my blog - I 
feel that a password in addition to a key authenticated by Yubico is secure 
enough.  I plan to run my own authentication server in the future and not 
trust Yubico.

It would be quite possible for a LUG to run their own Yubi authentication 
server for members to access their site services (as has already been 
requested for LUV).  But I think that it would probably be more convenient for 
everyone for a LUG to use OpenID and allow members to use their own OpenID 
server that supports Yubikey authentication (such as a WordPress blog with the 
Yubikey and OpenID plugins).

https://store.yubico.com/

The regular prices (in $US) are advertised on the above URL.  It's $1,500 for 
a pack of 100 keys that are pre-programmed with secret keys for authentication 
with Yubico (the easy way of using them) and the pouches etc.  Yubico have 
offered me a price of $12 per key for 100+ keys, that probably will be about 
$14 Australian including postage.

A new option has just appeared on the Yubico store page, packs of 50 keys that 
are unprogrammed and which don't have the packaging for $12 each - I haven't 
yet asked but I expect that some sort of discount would be available on them 
too, if it's a 20% discount then that would make it $9.60 per key.  Would 
anyone be prepared to pay $US2.40 extra for the nice packaging and the ability 
to use the Yubico authentication server?  Or should we go with the assumption 
that every LUG member either has the technical skills to program their own key 
and run an authentication server or can get someone else to do so?  We could 
buy both types of key if we have orders for 100+ regular keys and some number 
of 50 packs of raw keys that's not a float.

The cost of a single key is $25 + $5 shipping.  So we are talking about a 
discount price being less than half the RRP of a single key, and as little as 
1/3 if they are bought raw!


This issue has been discussed by the LA committee and they have agreed in 
concept.  The details of how the finances work out are yet to be resolved.  I 
think that if we get over a few hundred keys then it might be best to have LA 
manage the ordering and payment as having many thousands of dollars from LUGs 
go through my bank account could get inconvenient.  But I am prepared to do it 
all myself if necessary.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog


