diff options
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -4,7 +4,7 @@ Keys stored on YubiKey are [non-exportable](https://support.yubico.com/support/s **New!** [drduh/Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey. -**Security Note**: If you followed this guide before Jan 2021, your PUK (Pin Unblock Key) may be set to its default value of `12345678`. An attacker can use this to reset your PIN and use your Yubikey. Please see the [Change PUK](#change-puk) section for details on how to change your PUK. +> **Security Note**: If you followed this guide before Jan 2021, your GPG *PIN* and *Admin PIN* may be set to their default values (`123456` and `12345678` respectively). This would allow an attacker to use your Yubikey or reset your PIN. Please see the [Change PIN](#change-pin) section for details on how to change your PINs. If you have a comment or suggestion, please open an [Issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub. @@ -463,7 +463,7 @@ ydOmByxmDe63u7gqx2XI9eDgpvJwibNH Use upper case letters for improved readability if they are written down: ```console -$ tr -dc '[:upper:]' < /dev/urandom | fold -w 20 | head -n1 +$ LC_ALL=C tr -dc '[:upper:]' < /dev/urandom | fold -w 20 | head -n1 BSSYMUGGTJQVWZZWOPJG ``` @@ -1292,7 +1292,7 @@ General key info..: [none] Use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this is not the similarly named older YubiKey NEO Manager) to enable CCID functionality. ## Enable KDF -Key Derived Function (KDF) enables YubiKey to store the hash of PIN, preventing the PIN from being passed as plain text. +Key Derived Function (KDF) enables YubiKey to store the hash of PIN, preventing the PIN from being passed as plain text. Note that this requires a relatively new version of GnuPG to work, and may not be compatible with other GPG clients (notably mobile clients). These incompatible clients will be unable to use the YubiKey GPG functions as the PIN will always be rejected. If you are not sure you will only be using your YubiKey on supported platforms, it may be better to skip this step. ```console gpg/card> admin |