OTP static key limited to 8 characters instead of 32 on pico

[niansa]

$ ykman otp static 1 DrHfEHtICeCeNuEjkfHJdCGuvbhEhGvDenecgk
Slot 1 is already configured. Overwrite configuration? [y/N]: y

Stored password ends up being: DrHfEHtI

[polhenarejos]

Did you try it with a legit Yubikey? It seems that YKMAN supports 16 bytes for static OTP (if you have 8 might be caused by SHORT_TICKET flag).

[polhenarejos]

From Yubico documentation, static passwords are 16 bytes length:

https://docs.yubico.com/yesdk/users-manual/application-otp/commands-configure-slot.html

From specs, it cannot increased, as it would overflow the frame buffer.

[niansa]

But then why can it only be 8, not 16?

[polhenarejos]

Not really. In version 5.8 we removed that limitation and Pico Fido is able to send up to 38 bytes.