What do you think about adding more secret types to the Nitrokey 3 secrets app? Specifically, what are your thoughts on including monotonic counters that can only be increased and reset via factory reset to prevent replay attacks?
/edit: removed second password type, as the already present challenge-response IS basically HMAC and not YK proprietary.
Excellent idea. I’d immediately have different use cases for a monotonic counter, particularly if it could be a timestamp.
Also, the NitroPad's Heads firmware implements and stores a TPM counter key, which can be checked manually on each /boot update. This is one application that could potentially be checked automatically.
One point I’m wondering is what the opinion is regarding NK wear due to frequent updates of such a secret type.