Open spikebike opened 8 years ago
I would also be interested to know the reason for why the secret of the challenge-response is used for encryption instead of the result.
First of all: Thank you very much for programming and maintaining the plugin!
I would be happy to receive an answer too, since Spikebike's statement confuses me a bit.
This GitHub Repo seems a bit dead. I just got my YubiKey 5C NFC this month (a brand new hardware key user yay) to have this setup, and shortly after successfully getting this to work I see this and I read through my XML.
I do want to know too now. And I looked around the last updated date of most issues and this thread, it seems a bit inactive.
I noticed when setting up keechallenge that it requires the yubi HMAC-SHA1 secret. I originally thought that was just for setup. But it looks like it's stored (encrypted) in an XML file. From what I can tell it's decrypted and loaded into memory, thus increasing the chance that an attacker will be able to read the key.
Additionally the secret is encrypted with the user's master password (I think) which is likely to have MUCH less entropy than the secret itself (160 random bits). So basically the strong secret is encrypted with a (probably) much less secure password.
What is the benefit of keechallenge keeping the secret around? Isn't the entire point of the yubi key to keep the secret somewhere completely offline/unavailable to an attacker?
Wouldn't it be much more secure to just send the yubi key a hash of the masterseed+password+keyfile (if used), and then encrypt the keepass database with the result of the yubikey's HMAC-SHA1? That way the secret is never on your computer (after the yubi key is initialized).
Is there some benefit to the XML file and keeping the secret around?
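
The scheme proposed in the post above, sketched as an added example (it is not KeeChallenge's code and not part of the original post). `SoftToken` is a hypothetical software stand-in for the YubiKey's HMAC-SHA1 slot, the secret and seeds are constructed values, and hashing the 20-byte response into a 32-byte key is an assumption.

```python
import hashlib
import hmac


class SoftToken:
    """Hypothetical stand-in for a token's HMAC-SHA1 challenge-response slot."""

    def __init__(self, secret: bytes):
        self._secret = secret  # on real hardware this stays inside the device

    def challenge_response(self, challenge: bytes) -> bytes:
        if len(challenge) > 64:  # YubiKey HMAC-SHA1 accepts at most 64 bytes
            raise ValueError("challenge too long")
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


def make_challenge(master_seed: bytes, password: str, keyfile: bytes = b"") -> bytes:
    # Length-prefix each field so different inputs cannot join into the same bytes.
    h = hashlib.sha256()
    for part in (master_seed, password.encode("utf-8"), keyfile):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()  # 32 bytes, within the token's challenge limit


def database_key(token: SoftToken, master_seed: bytes, password: str,
                 keyfile: bytes = b"") -> bytes:
    response = token.challenge_response(make_challenge(master_seed, password, keyfile))
    # Assumption: expand the 160-bit response to a 256-bit cipher key with SHA-256.
    return hashlib.sha256(b"db-key" + response).digest()


def demo() -> dict:
    token = SoftToken(bytes(range(20)))   # constructed 160-bit secret
    other = SoftToken(bytes(20))          # a different token
    seed_v1, seed_v2 = b"\x01" * 32, b"\x02" * 32  # constructed master seeds
    k1 = database_key(token, seed_v1, "correct horse")
    return {
        "reopen_ok": k1 == database_key(token, seed_v1, "correct horse"),
        "wrong_password": k1 != database_key(token, seed_v1, "wrong"),
        "wrong_token": k1 != database_key(other, seed_v1, "correct horse"),
        "new_seed_new_key": k1 != database_key(token, seed_v2, "correct horse"),
    }


if __name__ == "__main__":
    print(demo())
```

The host only ever handles the challenge and the response in this sketch. Because the challenge depends on the master seed, writing the database with a new seed requires the token to be present again to compute the new key.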