onlykey
onlykey
Hi one of our users requested we provide some detail here. OnlyKey is supported by other password managers that utilize the HMACSHA1 challenge-response feature such as KeePassXC, to add support...
@strongbox-mark Currently OnlyKey supports challenge response with KeepassXC and Authlite and is stable. I am not sure what would be different here as those also use ykcore. There are some...
@strongbox-mark > Does Onlykey have an equivalent of a YubiKey serial number or identifier we can use? OnlyKey does not provide a unique identifier to prevent user tracking. Implementations assume...
@wswoodruff Military grade encryption is a marketing term, saying things like AES-256-GCM or RSA-4096 means nothing to most general users.
@wswoodruff Yes, up to 32 ECC keys are supported of types X25519, NIST P256, and secp256k1.
@wswoodruff Thanks! If you are using kbpgp on your open-source project it's probably also OnlyKey compatible with some minor changes to kbpgp. I went ahead and added this to our...
@whinis Yes, we can also send you an OnlyKey to test if you email support at crp.to OnlyKey supports the same HMAC Sha1 used by the yubikey library. The only...
@JonahAragon If you can let me know what issues you have with OnlyKey I will be glad to respond to and address those concerns. I think as @github-userx mentioned it...
@JonahAragon I wanted to follow up here as I didn't get a response to my previous message. I need to be able to understand the threat model you are referring...
> Saving the HMAC-SHA1 key to the mobile device itself defeats the whole purpose of having a removable(!) second factor. This line has been blured some with built in secure...