Skip to content

Commit

Permalink
README: drop note about ykman and PIN bruteforcing (#23)
Browse files Browse the repository at this point in the history 
Fixes #21
  • Loading branch information
@dagheyman
dagheyman authored May 13, 2020
1 parent 680e3c9 commit 8781bc0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ If the PUK is also entered incorrectly three times, the key is permanently irrec

In practice, any PIV token with an RSA or ECDSA P-256 key and certificate in the Authentication slot should work, with any PIN and touch policy. Simply skip the setup step and use `ssh-add -L` to view the public key.

`yubikey-agent -setup` generates a random Management Key and [stores it in PIN-protected metadata](https://pkg.go.dev/github.com/go-piv/piv-go/piv?tab=doc#YubiKey.SetMetadata). Note that this is a different scheme from the `ykman` one, which enables PIN bruteforcing.
`yubikey-agent -setup` generates a random Management Key and [stores it in PIN-protected metadata](https://pkg.go.dev/github.com/go-piv/piv-go/piv?tab=doc#YubiKey.SetMetadata).

### Alternatives

Expand Down

0 comments on commit 8781bc0

Please sign in to comment.