No response from YubiKey NEO - but not always
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
#423 No response from YubiKey NEO - but not always
Password Safe sometimes says "No response from YubiKey",
after entering safe combination &
clicking on green Yubikey button & touching YubiKey NEO.
But sometimes (1 in 20?) it works! Seemingly randomly!
The message comes immediately at the touch.
My old Yubikey works consistently.
Tried: changing NEO connection modes [OTP+CCID] [OTP]
- a slower output character rate
- a short delay before/after sending OTP
Using the Personalization Tool:
- both keys show Slot 1 and 2 configured
- both keys give the same response from slot2 / HMAC-SHA1
Windows 7 sp1, 64bit Intel
Password Safe v3.34.01
(new) YubiKey NEO f/w 3.3.0
(old) YubiKey Standard f/w 2.3.3
YubiKey NEO Manager 0.2.4
YubiKey Personalization Tool 3.1.16
I just bought a YubiKey to secure my Password Safe database and I have the same exact problem. I just can't have Password Safe accept a challenge.
When I insert my key the green Yubikey button appear and I can press it. I then touch the Yubikey NEO button and I get the message "No response from YubiKey".
I tried the "Challenge-Response Tester" in the "Yubikey Personalization tool" and the test is successful; so the key seems to work.
This is my config:
Windows 8.1 64bit Intel
Password Safe v3.34.01
YubiKey NEO f/w 3.3.0
YubiKey Personalization Tool 3.1.16 (library v1.15.3)
It seems that Yubico acknowledge a problem with firmware version 3.3 on NEOs, specifically with the HMAC-SHA1 Challenge Response.
http://forum.yubico.com/viewtopic.php?f=26&t=1571
I contacted Yubico and they indeed confirmed that firmware 3.3.0 was buggy.
They gave me the following workaround though:
I tried it and it is working.
They also told me that there's no planned release date for the next version of the firmware.
They offered me to RMA the Yubikey.
Since the workaround is acceptable, I will keep it and they agreed to give me 50% off my next Yubikey order.
They really have a great customer service.
There is new firmware available on the NEO, that solves the "Require user input" to the Challenge Response. The Firmware version is still 3.3.0.
But with NEO Manager 1.1.0, one can enable all three connection modes.
With OTP+U2F+CCID enabled, Password Safe 3.34.1 on Windows7, does not recognize the NEO. The Yubikey button is grey. As soon as U2F is removed, leaving OTP+CCID, the Yubikey button turns green. This behaviour is the same regardless of "Require user input"
The "firmware" version showing in NEO Manager is actually the applet firmware (CCID functions). The device firmware version can be found (in Windows) by going to Device Manager, expanding "Human Interface Devices", and right-clicking on the entry for "HID-compliant device" and selecting "Properties". Go to the "Details" tab, change Property to "Hardware Ids", and look at the number after "REV_". Mine shows REV_0331, which means it's a 3.3.1 firmware. 3.3.2 and 3.3.3 firmware have this issue. If this firmware issue affects your Password Safe experience, please open a ticket at yubi.co/support and provide your order number. We'll arrange a new key for you.
-Chris
Yubico Support
Closing this as it appears to be a YubiKey issue.
Note that PasswordSafe 3.35 fixes some unrelated YubiKey issues, so it's probably worth upgrading in any case.
Thanks Rony:
Two Yubikey NEO / PasswordSafe issues resolved:
1: challenge response - fixed in firmware 3.3.4 (see above note from Chris)
2: Password safe couldn't see a key with both OTP & U2F - fixed in 3.35
BTW, the android version works well too.
Regards, Bill