knowledge/YubiKey-Guide
1
0
Fork 0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-06-17 07:32:22 +00:00
Code Issues Releases Activity

Adds warning about PUK being default

Browse Source
This commit is contained in:
Nemo 2020-12-25 12:52:37 +05:30
parent fc6f9eb80d
commit 548b2adf2b
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -4,6 +4,8 @@ Keys stored on YubiKey are [non-exportable](https://support.yubico.com/support/s
**New!** [drduh/Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey. **New!** [drduh/Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey.
**Security Note**: If you followed this guide before Jan 2021, your PUK (Pin Unblock Key) may be set to its default value of `12345678`. An attacker can use this to reset your PIN and use your Yubikey. Please see the [Change PUK](#change-puk) section for details on how to change your PUK.
If you have a comment or suggestion, please open an [Issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub. If you have a comment or suggestion, please open an [Issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub.
- [Purchase](#purchase) - [Purchase](#purchase)
@ -326,7 +328,7 @@ From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to
## YubiKey ## YubiKey
To feed the system's PRNG with entropy generated by the YubiKey itself, issue: To feed the system's PRNG with entropy generated by the YubiKey itself, issue:
```console ```console
$ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C $ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C
``` ```
This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey. This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.