Add support for longer PINs #36
The point of using a YubiKey is protecting against bruteforce with hardware, and get the benefit of lower entropy PINs. That's not just ok, it's the design goal. The added complexity can even reduce security: using only the first characters would be very unexpected and dangerous, while a website to do the derivation would expose users to a whole new array of threats.
Currently the tool supports PINs of up to 8 characters, due to limitations from the YubiKeys. However, this limits the possibility of using passphrases, which are easier to remember. The YubiKey does a good job of preventing bruteforcing, but I think it's still worth adding this functionality.
The idea is to have a PIN, and then use its Base-n hash format, or at least the first 8 encoded characters of it.
This can allow for an unlimited (or at least larger) PIN to be set, and with the proper CLI tool, or maybe even website, someone can determine the YubiKey PIN based on the entered PIN, using the same algorithm.