I’m disapointed in you Mr. Gibson

Dear Steve Gibson,

On January 29th (2009) I found a flaw in the Yubico authentication server used by owner of the Yubikey. It allowed reuse of one time passwords (OTP) generated by a Yubikey during the same insertion.  I documented the problem and contacted Yubico and to confirm my findings you.  My frustration over this even has continued to bother me so I’m writing this blog post.

I respect you and I’m bothered by the way an issue of this magnitude was not discussed. In the last years you have spoken may times about flaws in other products and companies unwillingness to bring to light their flaws.  I’m hoping you where not aware of this problem and not just keeping quite.

I believe Yubikey is the true answer to the password security issue.