Adds warning about PUK being default

author: Nemo <me@captnemo.in> 2020-12-25 12:52:37 +0530
committer: Nemo <me@captnemo.in> 2020-12-25 12:52:39 +0530
commit: 548b2adf2b8d5d2d8b45bac2f7d4900530117fec (patch)
tree: 0e89272885080516da01220a4e0030e0ea30f174 /README.md
parent: Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand (diff)
download: YubiKey-Guide-548b2adf2b8d5d2d8b45bac2f7d4900530117fec.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/README.md b/README.md
index 47f5c0b..bb80563 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,8 @@ Keys stored on YubiKey are [non-exportable](https://support.yubico.com/support/s
 
 **New!** [drduh/Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey.
 
+**Security Note**: If you followed this guide before Jan 2021, your PUK (Pin Unblock Key) may be set to its default value of `12345678`. An attacker can use this to reset your PIN and use your Yubikey. Please see the [Change PUK](#change-puk) section for details on how to change your PUK.
+
 If you have a comment or suggestion, please open an [Issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub.
 
 - [Purchase](#purchase)
@@ -326,7 +328,7 @@ From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to
 ## YubiKey
 
 To feed the system's PRNG with entropy generated by the YubiKey itself, issue:
-```console 
+```console
 $ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C
 ```
 This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.
author	Nemo <me@captnemo.in>	2020-12-25 12:52:37 +0530
committer	Nemo <me@captnemo.in>	2020-12-25 12:52:39 +0530
commit	548b2adf2b8d5d2d8b45bac2f7d4900530117fec (patch)
tree	0e89272885080516da01220a4e0030e0ea30f174 /README.md
parent	Merge pull request #218 from DevSecNinja/devsecninja/addPowerShellCommand (diff)
download	YubiKey-Guide-548b2adf2b8d5d2d8b45bac2f7d4900530117fec.tar.gz