• 🍔🍔🍔@toast.ooo
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    i use keepass to store all my passwords, the database file gets synced across my devices through Dropbox, i open it with a master password, i would like to improve this by also requiring the yubikey

    i am kind of confused too as to what exactly the yubikey does in this scenario. my vague understanding is that it was somehow synchronized such that the yubikey would generate sequential random ‘passwords’ which would be checked against the database file (generating its own sequence in the same manner).

    i think it stopped working due to some desynchronization between the yubikey and the database file.

    • MystikIncarnate@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      Sync shouldn’t really matter, unless you’re using a hotp code as opposed to a certificate or TOTP code.

      TOTP being temporal, is based on UNIX time, and a seed key. A certificate will be challenged, which will require a challenge and reply all cryptographically encrypted. It’s not something that’s necessarily stored in some kind of sync, or rolling codes.

      I’m not familiar enough with keepass to say what it’s supposed to use with the yubikey in order to work. There’s a few other methods that I’m sure that keepass could leverage to perform the authentication, so I’m not entirely sure what could be the problem.