Why is the password safe limited to storing only 20-character passwords?


#1

Hi,
I’m very disappointed.
Most of my passwords are near 32 characters and the safe can only hold 20-character-long passwords!
Why such a limitation?

Is the Nitrokey Pro 2 capable of holding 32-char passwords?

Regards,

Lucas


#2

I don’t think so - never tried it. The actual firmware has in the file nitrokey-pro-firmware/src/inc/password_safe.h still a limit of 20 characters. In a backlog report it is mentioned that the HID protocol only allows 64 bytes in one packet; so while 32 bytes (new & old pw) would be possible to store 32 one-byte characters, room for overhead is missing. So NK currently has not changed that in NK Pro v2.

As they now need to go away from HID for Win10, there might be a chance in future. BUT e.g. I am using UTF8 as a charset and in my passwords I love to include foreign-language characters. AND, while today 32 characters seem to be safe and in use with GPG, why have any limitations?

Would it not be better to store your passwords outside of NK and use the keys on NK to encrypt/decrypt the whole pw safe (or one of the drawers inside the safe)? :smiley:


#3

The limitation is because of technical constraints. We only have a limited amount of flash storage available.


#4

While I understand the flash size limitation, I already suggested changing the mode of how to store pw: instead of a fixed length, a variable length would be a more flexible use. So the user could decide if she wants to store the maximum amount of passwords or fewer passwords with more chars.
This could be applied to all NK’s that store pw’s.


#5

In this case we would need some kind of structure which produces an overhead which consequently leads to even fewer characters available in general. This is a tricky thing, sorry.


#6

Relevant issues:


#7

Yes, understand that you will need at least a byte for the length - start could be calculated out of the length-byte chain. So you might lose some bytes, but you will win flexibility: today for a 6 char pin, you waste 14 chars - and you are limited to 20 chars/slot. With the suggested solution, you would “win” 13 chars - which already could extend 1 slot with 32 chars.
So, again I think it could be an improvement. BTW: while I understand that the Flash Space is a challenge, does this also apply for the firmware space? Otherwise you could include it optionally :smiley:
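
The length-byte chain proposed in #4 and #7, as an added example that is not part of any post and is not Nitrokey firmware code: records of one length byte plus data are packed back to back in a region the size of the fixed slots. The two-slot region, the record layout and all function names are assumptions for illustration; only the 20-character slot limit comes from the thread.

```c
#include <stdint.h>
#include <string.h>

#define SLOT_LEN   20                       /* fixed per-slot limit quoted in the thread */
#define NUM_SLOTS  2                        /* assumption: tiny region for illustration */
#define REGION_LEN ((size_t)SLOT_LEN * NUM_SLOTS)

/* NUM_SLOTS records, each [len byte][len data bytes], stored back to back.
   An all-zero region is NUM_SLOTS empty records. */
typedef struct { uint8_t bytes[SLOT_LEN * NUM_SLOTS]; } pw_region;

/* Walk the length-byte chain to find where record idx starts. */
static size_t rec_offset(const pw_region *r, int idx) {
    size_t off = 0;
    for (int i = 0; i < idx; i++) off += 1u + r->bytes[off];
    return off;
}

size_t region_used(const pw_region *r) { return rec_offset(r, NUM_SLOTS); }

/* Store pw in slot idx; returns 0 on success, -1 if it does not fit. */
int region_set(pw_region *r, int idx, const char *pw, size_t len) {
    if (idx < 0 || idx >= NUM_SLOTS || len > 255) return -1;
    size_t off = rec_offset(r, idx), old = r->bytes[off];
    size_t used = region_used(r), tail = off + 1 + old;
    if (used - old + len > REGION_LEN) return -1;
    /* Shift later records to open or close the gap, then wipe stale bytes. */
    memmove(r->bytes + off + 1 + len, r->bytes + tail, used - tail);
    if (len < old) memset(r->bytes + used - (old - len), 0, old - len);
    r->bytes[off] = (uint8_t)len;
    memcpy(r->bytes + off + 1, pw, len);
    return 0;
}

/* Copy slot idx into out (NUL-terminated); returns its length or -1. */
int region_get(const pw_region *r, int idx, char *out, size_t outsz) {
    if (idx < 0 || idx >= NUM_SLOTS) return -1;
    size_t off = rec_offset(r, idx), len = r->bytes[off];
    if (len + 1 > outsz) return -1;
    memcpy(out, r->bytes + off + 1, len);
    out[len] = '\0';
    return (int)len;
}

int main(void) {  /* constructed demo: 6-char PIN plus 32-char password */
    pw_region r = {{0}};
    if (region_set(&r, 0, "123456", 6) != 0) return 1;
    if (region_set(&r, 1, "0123456789abcdef0123456789abcdef", 32) != 0) return 1;
    return region_used(&r) == REGION_LEN ? 0 : 1;
}
```

The 6-character PIN takes 7 bytes and the 32-character password 33, which exactly fills two 20-byte slots. Every update shifts the records stored behind it, so variable-length storage costs extra writes compared with fixed slots.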