bdl
Posted September 27, 2017

Some hardware auth tokens such as Yubikey support a challenge-response mode, i.e. you initialise the token with a secret which is henceforth only available to the token (backup of the key excluded). You take the user's password and send it as the challenge to the token, which calculates a HMAC using the key and returns the response, which is used as the database password.

e.g. https://sourceforge.net/p/passwordsafe/discussion/134800/thread/7463e2a3/#7e4e

It'd be neat if enpass supported this.

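The flow described in the post above, as an added example that is not part of the original thread or of any Enpass or Yubico code. `SoftToken`, `database_password`, `vault_key`, the PBKDF2 step and all sample values are assumptions made for illustration; a real token keeps the secret in hardware.

```python
import hashlib
import hmac


class SoftToken:
    """Software stand-in for a hardware token (hypothetical, for illustration).
    A real token keeps the secret on-device and exposes only respond()."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # HMAC-SHA1 over the challenge, keyed with the token's secret.
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


def database_password(token: SoftToken, user_password: str) -> bytes:
    """The user's password is the challenge; the response is the DB password."""
    return token.respond(user_password.encode("utf-8"))


def vault_key(db_password: bytes, salt: bytes) -> bytes:
    # Assumption: the vault stretches the database password with PBKDF2.
    return hashlib.pbkdf2_hmac("sha256", db_password, salt, 100_000, dklen=32)


def demo() -> dict:
    secret = bytes(range(20))          # constructed 20-byte token secret
    salt = b"constructed-salt"         # constructed per-vault salt
    primary = SoftToken(secret)
    backup = SoftToken(secret)         # second token set up from the backed-up secret
    stranger = SoftToken(bytes(20))    # token holding a different secret
    enrolled = vault_key(database_password(primary, "correct horse"), salt)

    def unlocks(token: SoftToken, password: str) -> bool:
        candidate = vault_key(database_password(token, password), salt)
        return hmac.compare_digest(candidate, enrolled)

    return {
        "right password, primary token": unlocks(primary, "correct horse"),
        "right password, backup token": unlocks(backup, "correct horse"),
        "wrong password, primary token": unlocks(primary, "correct hors"),
        "right password, other token": unlocks(stranger, "correct horse"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'unlocks' if ok else 'rejected'}")
```

The database opens only when both the password and a token holding the same secret are present, which is why the backup of the secret mentioned in the post matters.
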
Bill Rossum
Posted September 28, 2017

+1 PLEASE ADD THIS. I have a Ledger Nano S cryptocurrency hardware wallet which can act as a U2F hardware device which I would love to be able to use in place of a master password.

bdl
Posted September 29, 2017

@Bill Rossum: the challenge-response mechanism isn't U2F (that's targeted to web authentication). From what I can tell the Ledger device does support a challenge-response mode (used in the Windows Hello authentication feature), so I guess enpass could support that - or someone could write a Ledger app to emulate the Yubikey-style challenge-response protocol: https://github.com/Yubico/python-yubico/blob/master/yubico/yubikey_usb_hid.py#L491. The latter would be better as it'd give you support for all the other services that use Yubikey challenge-response (e.g. the PAM module, LUKS disk encryption, etc).

boistordu
Posted May 16, 2018

We know that it should be for web apps, but if you say that was the ONLY use case then:

-> we wouldn't use it to auth in Windows 7 locally
-> we wouldn't use it to auth in KeePass locally
-> we wouldn't use it to auth to QubesOS and decrypt the device LOCALLY

Should I continue? Yubikey CAN and SHOULD be used to decrypt encrypted assets in ALL password managers.

Donald
Posted August 21, 2018

Agreed. Nice to have this kind of security feature. Waiting for a response from the developers...

JAL
Posted January 8, 2019

We've been searching for a password manager for a while. 1Password was our first idea, but we don't buy software subscriptions … so we came to Enpass. But 2FA with a hardware token (offline) is a must; we're not allowed to use anything else because of contracting reasons.