PHPCRED-40: Allow new keys to be seeded with a Yubikey press



Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Won't Fix (2019-09-09 15:51:10)

Created: 2014-10-25 16:30:23
Time Spent Working


Description
The output of a yubikey is complex, though technically predictable by Yubico.

To help lessen the potential effect of a compromised RNG on the server, the following could be implemented during key generation

- Field to provide a Yubikey press (optional)

If provided, XOR the submission (minus the first 12 chars which never change) against a stream from the servers RNG.

Both sources of entropy would then need to be compromised in order to calculate the key.


Toggle State Changes

Activity


Bulk Closing as Won't Fix.

Credlocker is EOL so no further work will be done.
btasker changed status from 'Open' to 'Closed'
btasker added 'Won't Fix' to resolution