KeeChallenge requires Keepass2, available from.
#Brew keepass mac
This should presumably work on Mac as well, but as of this release this is untested. Put both KeeChallenge.dll and in the KeePass2 folder (on Ubuntu this is /usr/lib/keepass2). Make sure all of the yubico libraries are installed where mono can find them (for example, /usr/lib on Linux or the KeePass2 folder). For this to work, you must also obtain the appropriate versions of the Yubico libraries. To run under Linux using mono, you must modify and add a dllmap entry to let Mono know where to find the native libraries. Platforms: Windows, Linux via Mono, Mac (untested)Īs of v1.0.1 both Windows and Linux (Ubuntu) have been tested successfully. The challenge is stored in plain text in the xml file while the expected response is used to generate the encryption key. The plugin works by pre-computing the next challenge response pair.
If the file is lost or corrupted, a recovery mode allows the user to enter their secret manually to unlock the database. The secret is itself encrypted using AES-256 and stored in a separate xml file. The mutual secret is used as the encryption key. To address this, I created the KeeChallenge plugin for Keepass2 which implements HMAC-SHA1 challenge-response authentication to create a composite Keepass key.
One frustrating limitation of the OTP protocol is that it is not possible to use multiple yubikeys to unlock the same Keepass database.
0 kommentar(er)
