Adds warning about PUK being default
This commit is contained in:
parent
fc6f9eb80d
commit
548b2adf2b
|
@ -4,6 +4,8 @@ Keys stored on YubiKey are [non-exportable](https://support.yubico.com/support/s
|
||||||
|
|
||||||
**New!** [drduh/Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey.
|
**New!** [drduh/Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey.
|
||||||
|
|
||||||
|
**Security Note**: If you followed this guide before Jan 2021, your PUK (Pin Unblock Key) may be set to its default value of `12345678`. An attacker can use this to reset your PIN and use your Yubikey. Please see the [Change PUK](#change-puk) section for details on how to change your PUK.
|
||||||
|
|
||||||
If you have a comment or suggestion, please open an [Issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub.
|
If you have a comment or suggestion, please open an [Issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub.
|
||||||
|
|
||||||
- [Purchase](#purchase)
|
- [Purchase](#purchase)
|
||||||
|
@ -326,7 +328,7 @@ From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to
|
||||||
## YubiKey
|
## YubiKey
|
||||||
|
|
||||||
To feed the system's PRNG with entropy generated by the YubiKey itself, issue:
|
To feed the system's PRNG with entropy generated by the YubiKey itself, issue:
|
||||||
```console
|
```console
|
||||||
$ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C
|
$ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C
|
||||||
```
|
```
|
||||||
This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.
|
This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.
|
||||||
|
|
Loading…
Reference in New Issue