YubiKey 5 NFC conversion

Is this chip supported as a custom conversion service?

I would suggest you contact Dangerous Things and ask them directly.

Would be great if you could keep us updated. Although I imagine most people will be taking the Vivokey route.

Hope it goes well

To the best of my knowledge YubiKeys are by design near impossible to open without destroying the NFC tag. You’re likely better off waiting a few months for the VivoKey Flex One public beta release on the new P71 chips since it should support essentially the same features and a few more and it’s purpose built for implantation so it’s in a form factor that’s easy to install.

1 Like

That’s unfortunate. I’ve got a case of YubiKeys that I’ll test into and see how many tries before I get a good dissection or give up. YubiKey or similar hardware OTP solutions such as the Flex One (as I understand it will be) are mediocre by themselves in an infosec compliance driven enterprise environment. YubiCo’s integration with the full MFA suite of Duo software gets to a much higher level of security with its U2F support baked into prebuilt APIs for most major business platforms, webapps, and operating systems authentication out of the box for LDAP and active directory single signon integration along with encrypted radius and API key pairs to the domain controllers makes it virtually impenetrable digitally (without significant social engineering). Going back to a hardware key only and underdeveloped APIs would be a big step backwards for me. We have nearly 20 unique authentication systems internally implemented using the YubiKey/Duo integration I described above.

Since you already have the infrastructure
in place, you have yourself a valid argument to pursue it further.
It cant hurt to contact and ask Amal.
Worse case scenario he says no.
Best case, you get the solution you are after.

That’s not entirely true… we’ve opened plenty of them… they make it hard to decap the ICs involved… which is different from simply opening the key itself. The problem is that the thing is very thick and rigid, thus not well suited for implantation.

I have not seen the new 5s… if you want to send me one to evaluate conversion, PM me.

Is all this power you speak of brought to your org provided by Duo, or YubiKey? If it’s Duo, VivoKey can work toward a similar integration. If it’s brought by YubiKey, we can work on applets on the implant side as well. In fact, fyi @fraggersparkshttp://amal.net/caps/2020-01-20_17-35-30-firefox.png

2 Likes

Putting my Head of Software hat on here.

Yubikey hasn’t reinvented the wheel here. U2F is an open standard we have implemented.

U2F V1 is pretty much done; U2F V2 is in dev.
I take it most of your internal authentication is via Duo? It’s a little confusing as AD and yubikey also work using PIV (a NIST standard).

As Amal has said, we’re now approaching Duo - as they are an important partner in this space. My day job is IT support and we sell Duo to clients.

5 Likes

Great to hear. Thanks for the background on development strategy and plans. I’m excited for the future of the platform.

Duo brings that power and now that I think about it, yes it does in fact does support multiple hard token options, even mix and match (but we haven’t used it that way in order to ensure the physical yubikey button press indicating the user is present with token in hand at the system logging in). VivoKey as a certified partner would certainly fit the bill of what I personally want. Now the waiting :frowning:

2 Likes