Because all the code is open source, you can also run your own validation server. In that case you can reprogram the Yubikey with your own secret AES key and store that key locally on your own server. I had to decide which way to go.
DR-log:
Question: Using Yubico validation service or local?
Alternative 1: Yubico validation service
+ Very easy validation (for example, a simple HTTP request)
+ No need to reprogram keys
+ Access can also be provided to friends with a Yubikey, even through a web interface
- Needs an internet connection
- You have to trust Yubico to keep your AES secret and the state of the internal counters
Alternative 2: Running own validation server
+ Also works when the internet connection is down
+ No need to trust any third party
- Need to reprogram all keys. The same keys can't be used to log on to any other Yubikey-enabled service
Comments: First of all, I trust Yubico. Even if the internet connection is lost, my PC can also die - I also have to have a mechanical key and lock available for those situations.
Decision #3: I'll use the Yubico authentication service
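An added example, not code from the original post or from Yubico: the client side of the "simple HTTP request" in Alternative 1 under Yubico's validation protocol 2.0, including the HMAC-SHA1 check on the reply that tells the client the answer really came from the service it trusts. The client ID, API key, OTP and server replies are constructed sample values, `server_reply` is a hypothetical stand-in for the service, and no network call is made.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode

VERIFY_URL = "https://api.yubico.com/wsapi/2.0/verify"  # Yubico's hosted verify endpoint

def sign(params, api_key_b64):
    """Base64 HMAC-SHA1 over the alphabetically sorted key=value pairs joined by '&'."""
    msg = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
    mac = hmac.new(base64.b64decode(api_key_b64), msg.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def build_request(client_id, api_key_b64, otp, nonce=None):
    """Return (url, nonce) for a signed verify request; the nonce ties the reply to it."""
    nonce = nonce or secrets.token_hex(16)
    params = {"id": client_id, "otp": otp, "nonce": nonce}
    params["h"] = sign(params, api_key_b64)
    return VERIFY_URL + "?" + urlencode(params), nonce

def check_response(body, api_key_b64, otp, nonce):
    """Return the server status only if the reply is signed and echoes our otp and nonce."""
    fields = dict(line.split("=", 1) for line in body.split() if "=" in line)
    their_sig = fields.pop("h", "")
    if not hmac.compare_digest(their_sig, sign(fields, api_key_b64)):
        return "RESPONSE_SIGNATURE_INVALID"   # local verdict, not a server status
    if fields.get("otp") != otp or fields.get("nonce") != nonce:
        return "ECHO_MISMATCH"                # reply belongs to some other request
    return fields.get("status", "STATUS_MISSING")

def server_reply(fields, api_key_b64):
    """Constructed stand-in for the service: formats and signs a reply body."""
    lines = [f"{k}={v}" for k, v in fields.items()] + [f"h={sign(fields, api_key_b64)}"]
    return "\r\n".join(lines) + "\r\n"

def demo():
    key = base64.b64encode(b"constructed-demo-key").decode()   # constructed API key
    otp = "cccccccccccb" + "bdefghijklnrtuvc" * 2               # constructed 44-char OTP
    url, nonce = build_request("1", key, otp, nonce="a1b2c3d4e5f6a7b8")
    base = {"otp": otp, "nonce": nonce, "t": "2010-01-01T00:00:00Z0000"}
    ok = server_reply({**base, "status": "OK"}, key)
    replayed = server_reply({**base, "status": "REPLAYED_OTP"}, key)
    tampered = replayed.replace("status=REPLAYED_OTP", "status=OK")  # edited in transit
    return [check_response(r, key, otp, nonce) for r in (ok, replayed, tampered)]

if __name__ == "__main__":
    print(demo())
```

The signature check authenticates the reply; it does not change the trade-off in the table, because the AES secret and the counters still live with Yubico.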
I loved your project, and, to be sincere, you were the one who convinced me to buy a yubikey! :P
I just stumbled again on your website, so I read this post again, and thought you might be interested in my little project: it's a lightweight validation server implementing both Yubiserve OTP and OATH/HOTP :P
So, if you thought to switch back from yubico servers to local, it could come in handy :P
The project is actually hosted on Google Code: http://code.google.com/p/yubico-yubiserve/
Bye! :P
Thanks for the comment and thanks for yubiserve. It looks like just what I could use in my implementation!