[Linux-aus] Yubikeys

Matthew Lye lyematt at gmail.com
Thu May 6 16:20:35 EST 2010 

Might be just me but this could be a good opportunity for LA to supply a
service to LUGs

LA could centrally run a central authentication server for the LUGs to use
so that the ability for LUGs to run them individually would be irrelevant.

With the price difference, and the other uses LA could find for yubi keys it
would seem to be a good idea.

-Matthew Lye

You can do anything you set your mind to when you have vision,
determination, and and endless supply of expendable labor.
<No trees were harmed during this transmission. However, a great number of
electrons were terribly inconvenienced>


On Thu, May 6, 2010 at 3:29 PM, Russell Coker <russell at coker.com.au> wrote:

> http://etbe.coker.com.au/2010/03/15/yubikey/
>
> Yubico have offered a 20% educational discount rate for the purchase of
> Yubikeys (as described in my above blog post) to "your club", I think it
> would
> be best to arrange a purchase for all LUGs in Australia (I guess that LA
> can
> be my "club").  This would involve one person from each state taking
> orders,
> collecting money, and having a single address where the keys can be posted.
> Delivering the keys to the owners at a LUG meeting would be best for
> keeping
> the cost down - posting a single-key interstate would probably increase the
> price by 10% or more.
>
> In a brief summary of what the Yubikey does, it is an authentication token
> that looks like a USB keyboard and provides a one-time password when a
> button
> is pressed.  Among other things using such a device makes it significantly
> more difficult for a trojan to crack your account when you use an Internet
> Cafe.
>
> Yubikeys ship with a secret that supports authentication via the Yubico
> server, which incidentally is what I'm using for admin access to my blog -
> I
> feel that a password in addition to a key authenticated by Yubico is secure
> enough.  I plan to run my own authentication server in the future and not
> trust Yubico.
>
> It would be quite possible for a LUG to run their own Yubi authentication
> server for members to access their site services (as has already been
> requested for LUV).  But I think that it would probably be more convenient
> for
> everyone for a LUG to use OpenID and allow members to use their own OpenID
> server that supports Yubikey authentication (such as a Wordpress blog with
> the
> Yubikey and OpenID plugins).
>
> https://store.yubico.com/
>
> The regular prices (in $US) are advertised on the above URL.  It's $1,500
> for
> a pack of 100 keys that are pre-programmed with secret keys for
> authentication
> with Yubico (the easy way of using them) and the pouches etc.  Yubico have
> offered me a price of $12 per key for 100+ keys, that probably will be
> about
> $14 Australian including postage.
>
> A new option has just appeared on the Yubico store page, packs of 50 keys
> that
> are unprogrammed and which don't have the packaging for $12 each - I
> haven't
> yet asked but I expect that some sort of discount would be available on
> them
> too, if it's a 20% discount then that would make it $9.60 per key.  Would
> anyone be prepared to pay $US2.40 extra for the nice packaging and the
> ability
> to use the Yubico authentication server?  Or should we go with the
> assumption
> that every LUG member either has the technical skills to program their own
> key
> and run an authentication server or can get someone else to do so?  We
> could
> buy both types of key if we have orders for 100+ regular keys and some
> number
> of 50 packs of raw keys that's not a float.
>
> The cost of a single key is $25 + $5 shipping.  So we are talking about a
> discount price being less than half the RRP of a single key, and as little
> as
> 1/3 if they are bought raw!
>
>
> This issue has been discussed by the LA committee and they have agreed in
> concept.  The details of how the finances work out are yet to be resolved.
>  I
> think that if we get over a few hundred keys then it might be best to have
> LA
> manage the ordering and payment as having many thousands of dollars from
> LUGs
> go through my bank account could get inconvenient.  But I am prepared to do
> it
> all myself if necessary.
>
> --
> russell at coker.com.au
> http://etbe.coker.com.au/          My Main Blog
> http://doc.coker.com.au/           My Documents Blog
>
> _______________________________________________
> linux-aus mailing list
> linux-aus at lists.linux.org.au
> http://lists.linux.org.au/listinfo/linux-aus
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux.org.au/pipermail/linux-aus/attachments/20100506/a04cb3d2/attachment.htm

More information about the linux-aus mailing list