TOTP Tweaks #607
TOTP Tweaks #607
Conversation
Update text on TOTP error prompt to provide better guidance for users following the use of the OEM factory reset function Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Reduce friction when generating a new TOTP/HOTP secret by elimiating an unnecessary 'press enter to continue' prompt following QR code generation, and by attempting to use the default admin PIN set by the OEM factory reset function. Fall back to prompting the user if the default PIN fails. Also, ensure error messages are visibile to users before being returned back to the GUI menu from which they came by wrapping existing calls to die() Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
|
Not sure about consuming one Admin PIN attempt out of 3 with default oem password here.
…On August 27, 2019 2:24:41 AM UTC, MrChromebox ***@***.***> wrote:
Reduce friction when generating a new TOTP/HOTP secret by eliminating
an unnecessary 'press enter to continue' prompt following QR
code generation, and by attempting to use the default admin PIN set by
the OEM factory reset function. Fall back to prompting the user if the
default PIN fails.
Update text on TOTP error prompt to provide better guidance for users
following the use of the OEM factory reset function
Also, ensure error messages are visible to users before being returned
back to the GUI menu from which they came by wrapping existing calls to
die()
You can view, comment on, or merge this pull request online at:
#607
-- Commit Summary --
* gui-init: update TOTP error prompt
* gui-init/seal-libremkey: reduce friction when generating new secret
-- File Changes --
M initrd/bin/gui-init (14)
M initrd/bin/seal-libremkey (47)
-- Patch Links --
https://github.com/osresearch/heads/pull/607.patch
https://github.com/osresearch/heads/pull/607.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#607
-- Sent from /e/ Mail
|
I'm not seeing any limit on the number of attempts when calling libremkey_hotp_initialize with an admin (vs user) pin. Am I missing something there? |
|
From my understanding there is 3 attempts before locking specific functions of the key.
3 bad user PINs locks user functions and requires the admin PIN to unlock user functions back to normal.
3 bad admin PINs locks admin and requires the reset PIN to unlock admin functions back to normal.
After it is locked, the only way to unlock admin fonctions is through a reset PIN, not currently provisioned neither in my gpg factory reset script (https://github.com/tlaurion/heads/blob/aea8f0b94bec29f77bb1225921bf37710356ded2/initrd/bin/factory-reset-libremkey.sh) nor in Purism's factory reset code.
No?
I don't have any spare Librem Key to test right now.
…On August 30, 2019 4:38:02 AM UTC, MrChromebox ***@***.***> wrote:
> Not sure about consuming one attempt out of 3 with default oem
password here.
I'm not seeing any limit on the number of attempts when calling
libremkey_hotp_initialize with an admin (vs user) pin. Am I missing
something there?
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#607 (comment)
-- Sent from /e/ Mail
|
|
I do see in gnupg's documentation that 3 successive incorrect attempts to login with an admin PIN destroys the card -- which is really, really, bad given we don't warn the user at all, and most are likely completely unaware. |
|
There are three separate secrets on a Librem Key or Nitrokey:
3 failures on #1 apparently destroys the smart card to protect the PIN (but I think this is configurable). In this case the HOTP secret and those functions would still work though--it's independent of the smart card. It's also important to note that the user rarely if ever actually uses the admin GPG PIN--they almost always use the user GPG PIN for operations. 3 failures on #2 locks the user and you have to use the admin PIN to unlock it again to use the GPG secrets. In this case the HOTP secret and those functions would still work though--it's independent of the smart card 3 failures on #3 I believe does nothing. My understanding is that you have unlimited tries against that PIN |
Unless a reset PIN code is set see todo subpoint.
While using the same PIN?
I can't test right now. Thanks for validating this. |
|
@tlaurion I was able to confirm that 3 incorrect admin pin entries when calling libremkey_hotp_initialize does indeed lock out the LK and require a reset |
|
@tlaurion I'm going to drop this PR and resubmit the first commit (to which I don't believe there was any objection) with some others. I'll keep the 2nd commit in our tree for now until I figure out a better way to handle it |
Reduce friction when generating a new TOTP/HOTP secret by eliminating an unnecessary 'press enter to continue' prompt following QR code generation, and by attempting to use the default admin PIN set by the OEM factory reset function. Fall back to prompting the user if the default PIN fails.
Update text on TOTP error prompt to provide better guidance for users following the use of the OEM factory reset function
Also, ensure error messages are visible to users before being returned back to the GUI menu from which they came by wrapping existing calls to die()