Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancement - Customizable fails-until-wipe and 3-fail-failsafe #134

Open
MattariOnline opened this issue Jan 10, 2022 · 0 comments
Open

Comments

@MattariOnline
Copy link

Context:
Hey guys, apologies if this isn't the place to suggest this, but I had two related feature suggestions that would do well to improve the security of OnlyKey, as simple as it may be. I customized some variables in the firmware to do it, myself, but ran into far too many issues thus far and still haven't been able to compile it due to weird bugs.

Suggestions:

  1. Allow the user to customize the number of failures prior to data and/or firmware wipe.
  2. Add a toggle to disable the 3-failure session timeout so that someone could pin out 10 (or N number of) times and wipe the device in one session.

Reasoning:
While 10 failures to wipe is pretty standard, even found in iPhones and Androids, there are many situations where a lower fail-to-wipe count might be preferred.
Additionally, the 3-failure session timeout is nice for end-users, but it's also a tell that the device has countermeasures against failed pin-in attempts.
For my use case, I would have a no-timeout 3-fail full-wipe on the device, but unfortunately that isn't possible with the current signed production firmware.

Could this please be considered as a future feature?
I would love to see this added as it would give us, especially those of us in IT, far mroe control with the security of our credentials and devices.
Thanks for reading and any assistance with this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant