Items tagged with: Nitrokey
Anyone who claims otherwise is deliberately spreading false statements with the aim of harming the blog or me personally. That is sad, but unfortunately a popular tactic of a certain group of people.
This depends on your threat model, see also https://infosec-handbook.eu/blog/discussion-secure/#sauth
If your accounts don't support WebAuthn and/or U2F but time-based one-time passwords (TOTP), you can simply use an app like FreeOTP to generate TOTPs on your smartphone. This is considered more secure and more private than SMS-based 2FA, and you don't need to buy additional hardware.
#nitrokey #yubikey #2fa #u2f #webauthn #totp
First of all, a Nitrokey Pro can only store up to 16 passwords. Each entry is limited to 20 characters; however, non-ASCII chars count twice or even more, forcing passwords to be shorter. Usernames are limited to 32 characters. To access the password manager, you must use the Nitrokey App. The same seems to be valid for the 2018 Nitrokey Pro 2.
We use KeePass 2 and KeePassXC.
We compared both security tokens in https://infosec-handbook.eu/blog/yubikey4c-nitrokeypro/.
We also compared the U2F/WebAuthn-only tokens: https://infosec-handbook.eu/blog/yubico-security-key-nitrokey-u2f/.
Besides, we provide some use cases for Linux users: https://infosec-handbook.eu/blog/yubikey-2fa-pam/
(We didn't accept any sponsoring by Nitrokey or Yubico.)
#yubikey #nitrokey #u2f #webauthn #fido2 #infosec #security
If there is no specific reason for you to buy the Nitrokey FIDO U2F (which is based on the U2F Zero) and you want open hardware, buy a SoloKey (https://solokeys.com/).
The SoloKey is the official successor of the U2F Zero, and – more importantly – it already supports WebAuthn/FIDO2 (unlike the Nitrokey FIDO U2F).
Besides, keep in mind that U2F/WebAuthn support may not be available for your web services at the moment.
#nitrokey #solokey #u2f #webauthn
@Nitrokey, perhaps a hint about something basic that I might have forgotten?
#gpg #nitrokey #nitrokeypro #opensc #scdaemon
– we didn't verify this tool (since we don't own a Nitrokey Start)
– the Nitrokey Start isn't tamper-resistant according to Nitrokey UG
– security tokens use PINs only for authorization of cryptographic operations, not for decryption of the private, secret GPG key
– the Nitrokey Start is the only Nitrokey with support for Ed25519 so far
#gpg #nitrokey #infosec #cybersecurity #security