From 548b2adf2b8d5d2d8b45bac2f7d4900530117fec Mon Sep 17 00:00:00 2001 From: Nemo Date: Fri, 25 Dec 2020 12:52:37 +0530 Subject: [PATCH] Adds warning about PUK being default --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 47f5c0b..bb80563 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ Keys stored on YubiKey are [non-exportable](https://support.yubico.com/support/s **New!** [drduh/Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey. +**Security Note**: If you followed this guide before Jan 2021, your PUK (Pin Unblock Key) may be set to its default value of `12345678`. An attacker can use this to reset your PIN and use your Yubikey. Please see the [Change PUK](#change-puk) section for details on how to change your PUK. + If you have a comment or suggestion, please open an [Issue](https://github.com/drduh/YubiKey-Guide/issues) on GitHub. - [Purchase](#purchase) @@ -326,7 +328,7 @@ From YubiKey firmware version 5.2.3 onwards - which introduces "Enhancements to ## YubiKey To feed the system's PRNG with entropy generated by the YubiKey itself, issue: -```console +```console $ echo "SCD RANDOM 512" | gpg-connect-agent | sudo tee /dev/random | hexdump -C ``` This will seed the Linux kernel's PRNG with additional 512 bytes retrieved from the YubiKey.