[Linux-aus] Yubikeys

John Ferlito johnf at inodes.org
Fri May 7 13:08:05 EST 2010


Hi Russell,

Thanks for taking this on. I've created a page on the Ctte Wiki that
anyone can edit to manage this.

http://wiki.linux.org.au/Ctte/YubiKey_Purchase

First we need people from LUGs willing to perform distribution, and
then people can start putting down how many they want.

If we can kick that process off and then in about a week see how much
interest there is then we'll work out the best way to proceed
logistically.

Since if we don't get interest for about 100 keys I'm not sure whether
it is worth all the effort.

Cheers,
John


On Thu, May 06, 2010 at 03:29:29PM +1000, Russell Coker wrote:
> http://etbe.coker.com.au/2010/03/15/yubikey/
> 
> Yubico have offered a 20% educational discount rate for the purchase of 
> Yubikeys (as described in my above blog post) to "your club", I think it would 
> be best to arrange a purchase for all LUGs in Australia (I guess that LA can 
> be my "club").  This would involve one person from each state taking orders, 
> collecting money, and having a single address where the keys can be posted.  
> Delivering the keys to the owners at a LUG meeting would be best for keeping 
> the cost down - posting a single-key interstate would probably increase the 
> price by 10% or more.
> 
> In a brief summary of what the Yubikey does, it is an authentication token 
> that looks like a USB keyboard and provides a one-time password when a button 
> is pressed.  Among other things using such a device makes it significantly 
> more difficult for a trojan to crack your account when you use an Internet 
> Cafe.
> 
> Yubikeys ship with a secret that supports authentication via the Yubico 
> server, which incidentally is what I'm using for admin access to my blog - I 
> feel that a password in addition to a key authenticated by Yubico is secure 
> enough.  I plan to run my own authentication server in the future and not 
> trust Yubico.
> 
> It would be quite possible for a LUG to run their own Yubi authentication 
> server for members to access their site services (as has already been 
> requested for LUV).  But I think that it would probably be more convenient for 
> everyone for a LUG to use OpenID and allow members to use their own OpenID 
> server that supports Yubikey authentication (such as a Wordpress blog with the 
> Yubikey and OpenID plugins).
> 
> https://store.yubico.com/
> 
> The regular prices (in $US) are advertised on the above URL.  It's $1,500 for 
> a pack of 100 keys that are pre-programmed with secret keys for authentication 
> with Yubico (the easy way of using them) and the pouches etc.  Yubico have 
> offered me a price of $12 per key for 100+ keys, that probably will be about 
> $14 Australian including postage.
> 
> A new option has just appeared on the Yubico store page, packs of 50 keys that 
> are unprogrammed and which don't have the packaging for $12 each - I haven't 
> yet asked but I expect that some sort of discount would be available on them 
> too, if it's a 20% discount then that would make it $9.60 per key.  Would 
> anyone be prepared to pay $US2.40 extra for the nice packaging and the ability 
> to use the Yubico authentication server?  Or should we go with the assumption 
> that every LUG member either has the technical skills to program their own key 
> and run an authentication server or can get someone else to do so?  We could 
> buy both types of key if we have orders for 100+ regular keys and some number 
> of 50 packs of raw keys that's not a float.
> 
> The cost of a single key is $25 + $5 shipping.  So we are talking about a 
> discount price being less than half the RRP of a single key, and as little as 
> 1/3 if they are bought raw!
> 
> 
> This issue has been discussed by the LA committee and they have agreed in 
> concept.  The details of how the finances work out are yet to be resolved.  I 
> think that if we get over a few hundred keys then it might be best to have LA 
> manage the ordering and payment as having many thousands of dollars from LUGs 
> go through my bank account could get inconvenient.  But I am prepared to do it 
> all myself if necessary.
> 
> -- 
> russell at coker.com.au
> http://etbe.coker.com.au/          My Main Blog
> http://doc.coker.com.au/           My Documents Blog
> 

-- 
John
Blog                             http://www.inodes.org
LCA2010                          http://www.lca2010.org.nz


