-
-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: re YubiKey Manager and PIN bruteforcing #21
Comments
@dagheyman The README is correct and refers to this in the yubikey-agent -setup: Lines 102 to 106 in 300b62a
The management key is discarded by yubikey-agent. Are you suggesting yubikey-agent should not destroy the management key and instead use the PIN protection for keeping the management key? |
Or maybe it is my misunderstanding and the management key can actually be used via PIN? This should be the implementation |
All the |
Sure, the help page for
Relevant code is here, what is called I also tried running the Anyway, I don't see compatibility here as super important, I just wanted to update the docs to drop the note about PIN bruteforcing :) Will create a PR with that proposed change. |
Oh, awesome, glad to hear they dropped the old scheme! |
README states:
I think this is referring to an older scheme used by the YubiKey PIV Manager.
ykman
can actually store the management key in a pin protected part of the device, using the--protect
flag. I have not verified it yet, but it looks likeyubikey-agent
andykman
should be compatible in this regard.The text was updated successfully, but these errors were encountered: