keepassium
commented
1 year ago The very point of a hardware key is that: 1) it must be present, 2) it cannot be cloned.
Any app which keeps the HMAC secret on the phone automatically fails the first criterion. The phone becomes the only device required to open a database. So if an attacker shoulder-surfs your database (and/or phone) password, the game is over. With a real hardware key, the database remains perfectly protected.
A "software hardware key" also fails the "cannot be cloned" part. The thing is, Secure Enclave (SE) does not perform HMAC-SHA1, so this would need to be done in software, by the app. Which means that at some point the app would need to have the plain-text HMAC secret in device memory. Which makes it vulnerable to copying. Yes, it would be more complicated than copying a key file, but nevertheless. In contrast, a physical hardware key never exposes the secret to the outer world, making it impossible to copy at all.
To my taste, this level of convenience-vs-security tradeoff is too far from the "security" end. I don't want to enable bad security practices, so KeePassium is not planning any kind of "software hardware keys".
Buying another key with NFC or lightning, and perhaps another one for backup and constantly having to tap your phone with a key is just not something I’d imagine a lot of people would be doing.
Information protection is a spectrum. There are millions of people who think that "letmein" is a good password for all their services. Can they imagine people like us, who don't know their passwords, keep multiple backup copies, use an app to log in to anything, sometimes even pay for that app? And they are right: "letmein" is easy, free and waaaay more convenient. Yet here we are :)
jasperweiss
Describe the feature you'd like I like Strongbox’s addition of “virtual hardware keys” because yubikeys are a pain to use on your phone and it’s a nice backup in case you lose your yubikey.
If you could setup a yubikey and copy it’s HMAC secret to KeePassium which would then store it in the Secure Enclave which would itself perform the HMAC operation from then on, that be great. It’s the only scenario in which I could see myself using yubikeys. Buying another key with NFC or lightning, and perhaps another one for backup and constantly having to tap your phone with a key is just not something I’d imagine a lot of people would be doing.
Being able to have a Yubikey 4 (USB-A, non-NFC) permanently plugged into my desktop for KeePassXC, and my iPhone’s Secure Enclave, strengthening the password and rotating the key constantly with hardware backed keys without any hassle would just be amazing.