Hi, the Yubikey 4 supports HMAC-SHA1 for challenge response mode, to be used with KeePassXC (and maybe other applications). I found out that the Nitrokey supports HOTP passwords, but I don’t think these are the same thing? Are they?
If not, is support for HMAC-SHA1 planned for future versions of Nitrokey?
1 Like
Hi,
technically the Nitrokey Pro and Storage does support HMAC-SHA1, which we frequently refer to as HTOP. Whether this is working the same way it is on Yubikey I can’t say.
As your question seems to aim on KeePassXC there is no support for Nitrokey as second factor right now, as far as I know. See this GitHub issue as well.
But there is a plugin for KeePass if you can’t wait until KeePassXC has implemented such support for OpenPGP Card or HOTP compatible devices. This is described here.
Kind regards
Alex
Nice finding! I have dropped them a message.
@anon99020392 You can always register a feature request on Pro’s issues site.
Thanks, I don’t even fully understand what HMAC-SHA1 is, so creating an issue for this doesn’t make a lot of sense for me hehe. ^^
So as far as I understand it, the Nitrokey doesn’t support his yet and cannot be used instead of a Yubikey in KeepassXC. I hope this will be supported in the future! Thanks for your help.
Mh, that depends on how you see it. I would say KeePassXC does not support Nitrokey yet But you are right, the Nitrokey is not working the same way as the Yubikey regarding the feature already included in KeePassXC (challenge-reponse), yes. They could either include a HOTP field like it is done in the plugins for KeePass or they find a more general way which works for other smartcards as well, as suggested in the issue.