Choosing YubiKey Public ID byte length

Historically, AuthLite-programmed YubiKeys have used the longest possible public ID (16 bytes), to eliminate the chance of an attacker guessing the ID and also because the key's record in the data store is encrypted by the hash of the public ID for slightly greater protection.

As of AuthLite version 2, it is possible to specify that your domain will use shorter public IDs. Note that the number of possible YubiKeys in your environment will be limited to 2 ^ (8 x byte length). So for example using a 2-byte public ID limits you to 2 ^ (8x2) = 65536 possible keys.

You can leave this value at 16 unless you have a reason to want shorter YubiKey OTP strings. One example is SonicWall appliances: different systems can have quite short limits on how many characters can be entered in the Username or Password fields. (Please consult SonicWall for the limits of your system.)

The smallest possible YubiKey OTP that can be produced is 34 characters. This would be one byte of public ID (limiting you to 255 YubiKeys total!) and 32 bytes of encrypted OTP data.
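The arithmetic above, worked through as an added example (this is not AuthLite's own code): each public ID byte becomes two modhex characters, the encrypted block of a Yubico OTP is always 32 modhex characters (16 bytes), and the key space is 2^(8 x byte length). The sample OTP is constructed, not a real key.

```python
# Added example (not AuthLite's code): how public ID byte length maps to
# YubiKey OTP string length and key-space size, and how to split a modhex OTP
# into its public ID and encrypted block for a configured public ID length.

MODHEX = "cbdefghijklnrtuv"      # Yubico modhex alphabet; position = nibble value 0..15
OTP_CIPHERTEXT_CHARS = 32        # the AES-encrypted OTP block is always 32 modhex chars


def otp_length(public_id_bytes: int) -> int:
    """Total OTP characters: 2 modhex chars per public ID byte + 32 chars ciphertext."""
    if not 1 <= public_id_bytes <= 16:
        raise ValueError("public ID length must be between 1 and 16 bytes")
    return 2 * public_id_bytes + OTP_CIPHERTEXT_CHARS


def max_keys(public_id_bytes: int) -> int:
    """Number of distinct public IDs a domain can assign: 2 ^ (8 * byte length)."""
    return 2 ** (8 * public_id_bytes)


def modhex_decode(s: str) -> bytes:
    """Decode a modhex string to bytes; rejects odd lengths and non-modhex characters."""
    if len(s) % 2 or any(ch not in MODHEX for ch in s):
        raise ValueError("not a valid modhex string")
    nibbles = [MODHEX.index(ch) for ch in s]
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def split_otp(otp: str, public_id_bytes: int) -> tuple[bytes, bytes]:
    """Return (public ID bytes, encrypted block bytes) for the domain's configured ID length.

    A length mismatch is rejected up front: with a shorter configured public ID,
    an OTP from a key programmed with a longer ID will not parse correctly.
    """
    expected = otp_length(public_id_bytes)
    if len(otp) != expected:
        raise ValueError(f"expected {expected} chars for a {public_id_bytes}-byte public ID, got {len(otp)}")
    pid_chars = 2 * public_id_bytes
    return modhex_decode(otp[:pid_chars]), modhex_decode(otp[pid_chars:])


# Constructed sample (not a real key): 1-byte public ID "vv" (0xff) + 32 modhex chars.
SAMPLE_OTP = "vv" + "ccdefghijklnrtuv" * 2

if __name__ == "__main__":
    for n in (1, 2, 6, 16):
        print(f"{n:2d}-byte public ID -> {otp_length(n)}-char OTP, {max_keys(n)} possible keys")
    pid, ct = split_otp(SAMPLE_OTP, 1)
    print("public ID:", pid.hex(), "encrypted block:", ct.hex())
```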