• @[email protected]
    link
    fedilink
    English
    48 months ago

    The yubikey can perform a hmac using a secret (supposedly) only available to the key’s internals. This is used in addition to the password, so that knowledge of the password without the key, or the key without knowledge of the password, can’t be used to decrypt the database. It’s kind of a half second factor (I know it’s not technically correct to call it that, but I hope you get the idea).

    It’s also in their doc (that they use challenge/response): https://keepassxc.org/docs/ and is even featured on yubico’s website, which is somewhat weird but why not: https://www.yubico.com/works-with-yubikey/catalog/keepassxc/#tech-specs

    The issue GP had is probably that the keepass app does not support it on Android.