PHPCRED-40: Allow new keys to be seeded with a Yubikey press



Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Unresolved

Created: 2014-10-25 16:30:23
Time Spent Working


Description
The output of a yubikey is complex, though technically predictable by Yubico.

To help lessen the potential effect of a compromised RNG on the server, the following could be implemented during key generation

- Field to provide a Yubikey press (optional)

If provided, XOR the submission (minus the first 12 chars which never change) against a stream from the servers RNG.

Both sources of entropy would then need to be compromised in order to calculate the key.


Toggle State Changes

Activity