Hacker News new | ask | show | jobs
by michaelt 4256 days ago 

  The Yubikey website specifies that the device registers as 
  a Keyboard, flash card, and flash reader when you plug it 
  in.
Looking at [1] it seems they make a range of products; some of their products implement multiple standards, as well as multiple USB devices. The "Premium NEO" emulates a keyboard to provide OATH HOTP, emulates a smart card reader to support PIV, and emulates a "FIDO U2F HID device" to support FIDO.

On the other hand, their "FIDO U2F Special SECURITY KEY", which only supports FIDO, does not emulate a keyboard or smart card reader - it only supports "FIDO U2F HID device"

So presumably FIDO relies on special browser support to talk to the physical hardware, and implements HID but doesn't emulate a keyboard.

[1] https://www.yubico.com/products/yubikey-hardware/
1 comments
rlpb 4256 days ago
Thanks, this is useful.

As a custom USB HID device then, I wonder if the OS has to get involved? Or is custom support in the application sufficient?

link
orclev 4256 days ago
Per the FIDO spec they implement the protocol on top of the standard libUSB that's available as part of all current generation OSes. So yes, in a way, the OS does get involved, but only in so far as it treats it as yet another generic USB device. It's up to the application that implements the FIDO spec to send the proper commands over USB to interface with the HID device.
link
yanonymator 4256 days ago
LOL "No need for ... client software..." ... Uses ... built-in support directly into the browser".

So when did a browser stop being "client software" ?

Never let the truth get in the way of a good advertising claim eh?

link
wmf 4256 days ago
So when did a browser stop being "client software"?

Around the time Netscape relegated Windows to a bunch of device drivers?

link
cerberusss 4254 days ago
I do understand what they're saying, though. My bank also uses 2FA. You can type a challenge into a dongle, but you can also hook up the dongle. However, it needs a USB driver to work. Every OS update, it's uncertain whether it still works. I don't use it anymore because of that reason.

This stuff built into the browser makes it easier.

link