User PIN / Admin PIN explanation?

While I understand, I think I would go away from the wording “character” as this is really misleading for the definition of a stored Password ( without a deeper description) . ASCII/ECBDIC are using 7 Bit’s only, Extended ASCII 8 Bits, UTF between 1 and 4 bytes - and all are representing “characters”.
Especially as there is a lock after a number of retries, it is essential to describe this.
Look at this post where the user has used total wrong “characters” and now is a bit lost … ( I would say he is sitting on 59,- Euro crab as he can’t reset the keys any longer )

Anyhow, your turn how easy you like to make the usage of your products :smiley:

1 Like

This is the exact reason why I’d rather keep the description for SO PIN as it is. The wiki is extensive in this point.

You can not block the other models in this way. I totally see your point, but I have no other clear description at hand right now… Furthermore, I always prefer to have a warning in the program which takes the PIN if anything is not fulfilled :thinking:

But anyway, I’ll think about it…

Ok thanks guys. Your answers have made this topic a lot more clear for me. But now one question of mine is still open: Do I lose anything when using the same User and Admin PIN?

When an attacker gets my User PIN but not the Admin PIN, he can get my secret data. When an attacker gets my Admin PIN but not my User PIN, he can also get my secret data. So security-wise, these two are equivalent, I don’t really care about an attacker modifying my data (aka having the Admin PIN instead of “only” the User PIN), because once an attacker is in control of my Nitrokey, I don’t expect him to give it back to me lol.

Same for forgetting/changing the password: I am using my User PIN much more often, so the risk of forgetting the Admin PIN is much higher than forgetting the User PIN. When using a weak Admin PIN (one that is easy to remember), I could as well just use an easy to remember User PIN.

I don’t really get why there are two different PINs for this anyway. When both can be used to read the encrypted data!? So I think I’ll just use the same PIN for both.

1 Like

I would say User PIN is for everyday use, for reading the state of the device. Admin PIN should be only required for the configuration phase, when you setup/write secrets to the device, and then you do not need it again. If you would use the device in an unsafe environment, using the user PIN only, you have the confidence that its state is not altered and it produces reliable, not altered results. The only other thing attacker could do, is removal of all the data from the device.

In case you would like to make use of this read/write separation, perhaps you would like this solution: Nitrokey Pro / Storage devices’ smartcards are easily reset-able to factory-state, so in case you would like to use one PIN on the device, you could set a one-time Admin PIN, configure everything as you like, and once content after a couple of days you could set the Admin PIN to a random value. The downside is, there is no way to write to it anymore unless whole device would be cleared.

In any way, I think that one should choose method that best suits everyday usage and does not make life harder needlessly.

Hi, while I understand on the one side your point, I sometimes type to fast things and --ups it is deleted. So a separate Admin is helpful for me as a second “hurdle” before I do the dangerous things. To make it easy to remember, I “extend” the user-pin to an Admin-pin .eg. when the user pin is 2021 my admin pin would be 202120 ( of course my pins are different :slight_smile: