Add support for longer PINs #36

Closed
daknob opened this issue Jun 19, 2020 · 1 comment
daknob commented Jun 19, 2020

Currently the tool supports PINs of up to 8 characters, due to limitations from the YubiKeys. However, this limits the possibility of using passphrases, which are easier to remember. The YubiKey does a good job of preventing bruteforcing, but I think it's still worth adding this functionality.

The idea is to have a PIN, and then use its Base-n hash format, or at least the first 8 encoded characters of it.

This can allow for an unlimited (or at least larger) PIN to be set, and with the proper CLI tool, or maybe even website, someone can determine the YubiKey PIN based on the entered PIN, using the same algorithm.

@FiloSottile
Owner

The point of using a YubiKey is protecting against bruteforce with hardware, and getting the benefit of lower-entropy PINs. That's not just OK, it's the design goal.

The added complexity can even reduce security: using only the first characters would be very unexpected and dangerous, while a website to do the derivation would expose users to a whole new array of threats.
