Jump to content
Enpass Discussion Forum

maxdamo

Members
  • Posts

    2
  • Joined

  • Last visited

Posts posted by maxdamo

  1. hello. 

    as you probably know Yubikey supports offline operation and, for instance, it's actually used to open encrypted volumes with LVM https://github.com/cornelinux/yubikey-luks

    LVM uses 8 slots to store passwords, which means that it's possible to set 8 different password or yubikey challenges. In other words, if the yubikey is lost, you can use the password, if the password if forgotten you can use they yubikey. 

    We (the users) don't understand what you see as being wrong with this implementation. What you think the guy of the project above for LVM did wrong? 

  2. On 7/8/2016 at 2:50 PM, Vinod Kumar said:

    [ cut ]

    But it doesn't mean that we don't want to take our chances with Yubikey. You guys are right saying that we can add Yubikey support by splitting master password in two parts (user provided + static from Yubikey) and definitely the approach will work. However, Yubikey is not compatible with all mobile devices. We have to wait until Yubikey supports all major mobile platforms before promising anything to you. Also, we have limited resources here and at the moment, we are very busy with other important features like attachment support. 

    @Niko_K the link you sent is experimental code and offers security and have limitations as above solution. 

    @Vinod Kumar IMO it should be "user provided" or "static from Yubikey" (and not the combination of both).

    • first reason, is that the "user provided" password is a backdoor, if the yubikey is lost or broken.
    • Secondly, we are a bit tired of typing ^_^ 
    • 3rd, it's a super-long password which cannot be broken/guessed in any way, and the few characters that you'll add won't add any security (yes, if somebody steals the key, can use it to login, but they need to steal the laptop together with they key.... let's go back to real life scenarios -_- )

    There is a fork of KeepassX for Linux which supports Yubikey static password.... unfortunately they are not providing a backdoor password, and it's a bit scary to use it. There is experimental code: you need to query the yubikey (with proper api, libraries, tools, whatever, ) to grab the static password. 

×
×
  • Create New...