Foxboron
commented
3 months ago The issue is that passphrase implies that you write a longer passphrase. The point of using "PIN" to tell people that with DA procetion you can have a 4 digit numerical pin as protection for the key. Writing "TPM Passphrase" does not convey this.
The reason why it says so in the askpass prompt is because there are askpass programs that cache the "passphrase" based off on the "askpass" prompt. Thus you end up with inconsistentcies like this.
So I'm not really convinced I want all of these changes.
dcousens
As part of https://github.com/Foxboron/ssh-tpm-agent/commit/f8a5360393a33c7b162cb323ad09ced5a9d0738f, you used the phrasing passphrase, not PIN; and the usage seems inconsistent throughout.
This pull request replaces any usage of
pinwithpassphrase(orpassinternally), such that the usage and terminology (and stdout output) is somewhat consistent withssh-keygen.I think pointing out that TPM 2.0 has well defined anti-hammering protection is informative as to the type of passphrase you could use compared to hinting specifically that you have PIN support; which nearly sounds like a limitation to me than a feature.
However I am not too opinionated on keeping ce6edea in this pull request if you feel otherwise.