Nitrokey Start: Panic Password Feature Request

As there is already the possibility to set a reset code, is it possible somehow to use that code as a panic password that disables or resets the token when entered instead of the real password?

I understand that the functionality follows a defined protocol but maybe this feature could be optionally patched into the firmware?

Hmm, so you want to have two passwords: one as usual and one - damn it was the wrong one - that destroy’s the key ? If you don’t remember the first, why would you remember the second ?

Disabling could be easy: just enter enough time the wrong password and it will be disabled. But a second password , I would vote against it as it makes the NK more insecure.
Sorry :innocent:

How do you enter a password three times in such situations?

To be honest: I would not even have an idea of any panic password due to my panic …

If you are afraid about somebody is water-boarding you to get your pin then you should not be in such a risky business - Real man die before the lay off secrets :cowboy_hat_face::crossed_swords:

To directly answer the question, it is possible to implement and introduce such feature, as Nitrokey Start’s firmware is flexible, and on top of that - updateable. However I fail to see would that save the situation, like presented in the image. I would guess, that this would escalate it.

I do not specialize in such cases, so please take it with a grain of salt. Instead of clearing the key with the panic PIN, I would thought about another solution - using separate key set per entered PIN. Then one could fool the oppressors, that they have the wrong device, since one complied to their request and has provided the correct PIN (proved by device being working, but not with the given particular encrypted data).

1 Like