Challenge-Response settings are not working properly #123

New Issue

Closed

opened 2025-03-18 18:05:41 +08:00 by IsayIsee · 14 comments

IsayIsee commented 2025-03-18 18:05:41 +08:00 (Migrated from github.com)

Copy Link

Waveshare 2350 one, version 6.4, the challenge response setting requires touch, but in actual use it passes without touching. Flashing pico2 version 6.4 also has the same problem

Waveshare 2350 one, version 6.4, the challenge response setting requires touch, but in actual use it passes without touching. Flashing pico2 version 6.4 also has the same problem

metabo7000 commented 2025-03-19 03:23:05 +08:00 (Migrated from github.com)

Copy Link

It never worked under rp2040 either! I'm deaf to this error!
https://github.com/polhenarejos/pico-fido/issues/104

It never worked under rp2040 either! I'm deaf to this error! [https://github.com/polhenarejos/pico-fido/issues/104](url)

IsayIsee commented 2025-03-19 17:11:11 +08:00 (Migrated from github.com)

Copy Link

Tested on KeePassXC, thanks for the quick fix

Tested on KeePassXC, thanks for the quick fix

a15355447898a commented 2025-03-19 19:55:03 +08:00 (Migrated from github.com)

Copy Link

I also encountered this problem.
I want to ask, if I re-flash a new firmware, will the previously saved keys be cleared?

I also encountered this problem. I want to ask, if I re-flash a new firmware, will the previously saved keys be cleared?

polhenarejos commented 2025-03-19 20:01:32 +08:00 (Migrated from github.com)

Copy Link

If you reflash with the same firmware, nothing will change. Keys are preserved until the board is nuked.

If you reflash with the same firmware, nothing will change. Keys are preserved until the board is nuked.

👍 1

a15355447898a commented 2025-03-19 20:19:03 +08:00 (Migrated from github.com)

Copy Link

I tried the new firmware, but KeePassXC on Arch Linux still can't find the hardware key. However, KeePassXC on Windows can find it. Where did I go wrong?

I tried the new firmware, but KeePassXC on Arch Linux still can't find the hardware key. However, KeePassXC on Windows can find it. Where did I go wrong?    

metabo7000 commented 2025-03-19 22:51:07 +08:00 (Migrated from github.com)

Copy Link

If you reflash with the same firmware, nothing will change. Keys are preserved until the board is nuked.

slot1 and slot2 have content and you turn on require touch to fit in. When you touch touch, nothing happens, only the challenge response is there, so this has not been fixed yet!
https://ibb.co/hRKp8xnf

> If you reflash with the same firmware, nothing will change. Keys are preserved until the board is nuked. slot1 and slot2 have content and you turn on require touch to fit in. When you touch touch, nothing happens, only the challenge response is there, so this has not been fixed yet! [https://ibb.co/hRKp8xnf](url)

polhenarejos commented 2025-03-20 01:09:00 +08:00 (Migrated from github.com)

Copy Link

I tried the new firmware, but KeePassXC on Arch Linux still can't find the hardware key. However, KeePassXC on Windows can find it. Where did I go wrong?

Did you change the Product Name?

> I tried the new firmware, but KeePassXC on Arch Linux still can't find the hardware key. However, KeePassXC on Windows can find it. Where did I go wrong? Did you change the Product Name?

a15355447898a commented 2025-03-20 08:20:13 +08:00 (Migrated from github.com)

Copy Link

I tried the new firmware, but KeePassXC on Arch Linux still can't find the hardware key. However, KeePassXC on Windows can find it. Where did I go wrong?

Did you change the Product Name?

I set the Product Name to yubico yubikey.

Keepassxc on Windows recognizes it normally.

Yubico YubiKey can also be seen in Device Manager.

> > I tried the new firmware, but KeePassXC on Arch Linux still can't find the hardware key. However, KeePassXC on Windows can find it. Where did I go wrong? > > Did you change the Product Name? I set the Product Name to yubico yubikey. Keepassxc on Windows recognizes it normally.  Yubico YubiKey can also be seen in Device Manager. 

polhenarejos commented 2025-03-20 14:18:18 +08:00 (Migrated from github.com)

Copy Link

Use latest nightly development build. Yesterday I pushed a fix.

Use latest nightly development build. Yesterday I pushed a fix.

❤️ 1

a15355447898a commented 2025-03-20 20:25:20 +08:00 (Migrated from github.com)

Copy Link

Use latest nightly development build. Yesterday I pushed a fix.

Problem solved, thanks for the development work!

> Use latest nightly development build. Yesterday I pushed a fix. Problem solved, thanks for the development work!

metabo7000 commented 2025-03-20 21:12:50 +08:00 (Migrated from github.com)

Copy Link

Use latest nightly development build. Yesterday I pushed a fix.

Problem solved, thanks for the development work!

If you turn on Challenge-Response, touch does not work in slot1 and slot2 swap mode, there are still bugs in the development version!

> > Use latest nightly development build. Yesterday I pushed a fix. > > Problem solved, thanks for the development work! If you turn on Challenge-Response, touch does not work in slot1 and slot2 swap mode, there are still bugs in the development version!

IsayIsee commented 2025-03-31 10:40:28 +08:00 (Migrated from github.com)

Copy Link

There is another problem. When the static password is set, setting and deleting the password for the slot does not affect the setting. However, whether you set the challenge first and then the password, or set the password first, set the challenge and then delete the password, it will cause verification to fail.

There is another problem. When the static password is set, setting and deleting the password for the slot does not affect the setting. However, whether you set the challenge first and then the password, or set the password first, set the challenge and then delete the password, it will cause verification to fail.

polhenarejos commented 2025-03-31 15:47:29 +08:00 (Migrated from github.com)

Copy Link

I'm not getting the point. Can you describe step by step the problem to reproduce it? The better with ykman.

I'm not getting the point. Can you describe step by step the problem to reproduce it? The better with ykman.

IsayIsee commented 2025-04-01 11:20:07 +08:00 (Migrated from github.com)

Copy Link

To put it simply, as long as the otp is set to challenge the password attribute of the modified slot, the challenge data will be damaged and the challenge verification will fail.
For example, after setting the challenge, setting the password through the ykman otp settings -A 576bc54882f3 2 command will cause the challenge verification to fail.

To put it simply, as long as the otp is set to challenge the password attribute of the modified slot, the challenge data will be damaged and the challenge verification will fail. For example, after setting the challenge, setting the password through the ykman otp settings -A 576bc54882f3 2 command will cause the challenge verification to fail.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

development

nightly-development

nightly-main

v7.4

v7.2

v7.0-eddsa

v7.0

v6.6

v6.4-eddsa1

v6.4

v6.2

v6.0-eddsa1

v6.0

v5.12-eddsa1

v5.12

nightly-stable

v5.10

v5.8-eddsa1

v5.8

v5.6-eddsa1

v5.6

v5.4

v3.0

v2.10

v2.8

v2.6

v2.4

v2.2

v2.0

v1.2

v1.0

Labels

Clear labels

bug

Something isn't working

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

wontfix

This will not be worked on

No Label bug good first issue

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

dearsky

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dearsky/pico-fido#123