Comments (11)
What is the current state of this issue?
I just tried out a Nitrokey Storage 2 and I'm a bit surprised that passwords can only have up to 20 characters. Unfortunately, this is not documented anywhere on the website. In my eyes, the whole purpose of such a hardware secured password manager is to store longer passphrases, which I can't.
The suggested workaround in issue Nitrokey/nitrokey-app#269 to store the password in the login field is a bit shocking to me, as this exposes the secret to bystanders and screenshots/casts. A slightly better solution would be to swap the restrictions: only 20 characters for the login and 32 characters for the password.
In my opinion, a better solution is suggested in Nitrokey/nitrokey-storage-firmware#38 to use a dynamic storage scheme, as users could choose between longer passwords/fields and fewer entries.
from nitrokey-pro-firmware.
@jonathancross See this article, which covers a specific implementation too but also explains the general scheme.
from nitrokey-pro-firmware.
While the Master Password algorithm sounds like a nice feature, I also agree with @jonathancross that this does not solve the aforementioned problem, because people might want to simply store a pre-defined password/passphrase which currently does not fit into the current storage layout.
The Master Password feature would only allow creating new passwords, not storing existing ones. Therefore I'm still in favor of the dynamic storage scheme.
from nitrokey-pro-firmware.
Hi! I am sorry, but I do not have any updates on that feature. I would like to leave it open to remind us about this particular feature demand.
from nitrokey-pro-firmware.
Just to show current state - current memory limit for:
- OTP: 512 bytes+
- PWS: 2*512 bytes
Additionally, one USB packet (USB 1.1) cannot take more than 64 bytes of data (of which around 55 are user data).
from nitrokey-pro-firmware.
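To make the memory figures above concrete, here is an added sketch (not Nitrokey firmware code and not the layout proposed in the linked issue) that compares a fixed-width record layout with a length-prefixed one inside the quoted 2*512-byte budget. The 11-byte slot name, the one-byte length prefix and the sample entry are assumptions made for the example.

```python
PWS_BYTES = 2 * 512    # password-safe memory quoted in the thread
USB_PAYLOAD = 55       # approximate user bytes per 64-byte USB 1.1 packet (thread)
NAME_LEN = 11          # assumption: slot-name width, not stated in the thread
FIXED_RECORD = NAME_LEN + 32 + 20   # fixed layout: name + login + password

# Constructed sample entry: the passphrase is 54 characters, far over the 20 limit.
SAMPLE = [("mail", "alice@example.org",
           "copper lantern drifts over quiet harbor stones tonight")]

def fixed_capacity():
    """Entries that fit when every record reserves its maximum width."""
    return PWS_BYTES // FIXED_RECORD

def pack(entries):
    """Serialise (name, login, password) tuples as 1-byte-length-prefixed fields."""
    blob = bytearray()
    for entry in entries:
        if len(entry) != 3:
            raise ValueError("entry must be (name, login, password)")
        for field in entry:
            raw = field.encode("utf-8")
            if len(raw) > 255:
                raise ValueError("field does not fit a one-byte length prefix")
            blob += bytes([len(raw)]) + raw
    if len(blob) > PWS_BYTES:
        raise ValueError(f"{len(blob)} bytes needed, {PWS_BYTES} available")
    return bytes(blob)

def unpack(blob):
    """Inverse of pack(); rejects truncated fields and incomplete records."""
    fields, pos = [], 0
    while pos < len(blob):
        end = pos + 1 + blob[pos]
        if end > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos + 1:end].decode("utf-8"))
        pos = end
    if len(fields) % 3:
        raise ValueError("incomplete record")
    return [tuple(fields[i:i + 3]) for i in range(0, len(fields), 3)]

def usb_packets(nbytes):
    """Packets needed to move nbytes at USB_PAYLOAD user bytes per packet."""
    return -(-nbytes // USB_PAYLOAD)

if __name__ == "__main__":
    blob = pack(SAMPLE)
    print(len(blob), "bytes,", usb_packets(len(blob)), "USB packets;",
          "fixed layout holds", fixed_capacity(), "entries")
```

A record longer than one packet's user data has to be split across several transfers, so a variable-length layout also needs chunking in the host protocol.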
We are considering moving to a master-password scheme, which would have these benefits:
- No synchronization to other systems is necessary, once the master password has been set up once.
- No limit on the number of accounts (leaving metadata aside).
- Long passwords
What do you think?
from nitrokey-pro-firmware.
Thanks @jans23, can you explain more about how the master-password scheme would work?
from nitrokey-pro-firmware.
Thanks @jans23. Unfortunately, a master-password setup doesn't sound like it would address the original issue -- desire to use / store secure passphrases.
It still might be interesting though.
Would the system also allow users to select characters used in the generated passwords?
Some situations need special chars, others reject them, some symbols are okay, others not, sometimes first character can't be a number, etc.
from nitrokey-pro-firmware.
It depends on how you define "original issue". If it's defined as "securely store login credential" for instance, it would be addressed. I agree, it may require thinking outside of the box and maybe only cover 90% of use cases. But once accepted, it should serve very well.
Special characters and options: yes.
from nitrokey-pro-firmware.
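For readers following the master-password discussion above, this added example sketches deterministic derivation with per-site character templates. It is a simplified illustration, not the Master Password algorithm's exact construction and not Nitrokey code; the KDF parameters, salt label, template syntax and character classes are assumptions.

```python
import hashlib
import hmac

# Character classes a template position can select (constructed for this example).
CLASSES = {
    "a": "abcdefghijklmnopqrstuvwxyz",
    "A": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "n": "0123456789",
    "s": "!#$%&*+-=?@_",
}

def master_key(master_password, user):
    """Slow KDF, run once per unlock; the resulting key is the only secret kept."""
    salt = b"example-derivation-v1:" + user.encode("utf-8")  # assumed label
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, 200_000)

def site_password(key, site, counter=1, template="Aaaa-aaaa-nnnn"):
    """Derive a password for (site, counter) that follows the template.

    Letters that name a class in CLASSES draw one character from that class;
    any other template character is copied through as a literal.
    """
    out = []
    for position, symbol in enumerate(template):
        alphabet = CLASSES.get(symbol)
        if alphabet is None:
            out.append(symbol)
            continue
        msg = f"{site}\x00{counter}\x00{position}".encode("utf-8")
        digest = hmac.new(key, msg, hashlib.sha256).digest()
        # 64-bit draw, so the modulo bias over a small alphabet is negligible.
        draw = int.from_bytes(digest[:8], "big")
        out.append(alphabet[draw % len(alphabet)])
    return "".join(out)

if __name__ == "__main__":
    key = master_key("constructed master passphrase", "alice")
    print(site_password(key, "example.org"))               # default template
    print(site_password(key, "example.org", counter=2))    # rotated password
    print(site_password(key, "bank.example", template="a" * 40))  # long, no symbols
```

Nothing needs to be stored per site except the template and counter, and no input lets the caller choose the output, which is why this approach cannot hold an existing passphrase.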
By "original issue", I meant specifically storing passphrases (4-12 random lowercase words). Also agree with @muellermartin about storing existing passwords (or other sensitive data like a bitcoin private key, etc.)
from nitrokey-pro-firmware.
Are pass phrases (long passwords) still not supported? Or can this be closed?
from nitrokey-pro-firmware.