Closed Ingo-Albrecht closed 3 months ago
Regarding the v2.5.0 release note outlining the HTOP fix for NK3 devices:
Can users who have been running the flawed previous implementation combo for heads/NK3 reverse-HTOP rely on checking the separate TOTP secret to verify the heads firmware is unaltered to the one they took ownership on? (see https://github.com/Nitrokey/nitrokey-hotp-verification/issues/30#issuecomment-2073971184)
If yes, I suggest to mention TOTP in the first bullet point of the release note explicitly as a trust anchor (e.g. for a recovery shell or usb boot, if deemed necessary).
That's a good point - will update the release note - thanks.
Regarding the v2.5.0 release note outlining the HTOP fix for NK3 devices:
Can users who have been running the flawed previous implementation combo for heads/NK3 reverse-HTOP rely on checking the separate TOTP secret to verify the heads firmware is unaltered to the one they took ownership on? (see https://github.com/Nitrokey/nitrokey-hotp-verification/issues/30#issuecomment-2073971184)
If yes, I suggest to mention TOTP in the first bullet point of the release note explicitly as a trust anchor (e.g. for a recovery shell or usb boot, if deemed necessary).