Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Minor Issue] HMAC-SHA1 Challenge-Reponse link has moved #11142

Closed
BeanBagKing opened this issue Aug 7, 2024 · 3 comments · Fixed by #11321
Closed

[Minor Issue] HMAC-SHA1 Challenge-Reponse link has moved #11142

BeanBagKing opened this issue Aug 7, 2024 · 3 comments · Fixed by #11321
Assignees
@droidmonkey
Labels
documentation 📑 feature: Hardware Keys
Milestone
v2.7.10

Comments

@BeanBagKing
Copy link

Overview

The link under Database -> Database Security -> Security -> Challenge-Reponse with the text "HMAC-SHA1 Challenge-Reponse" has moved or been deleted from yubico.com. It now forwards to the developers landing site.

Steps to Reproduce

  1. Find the link in the location described above
  2. Right click the and select "Copy Link Location"
  3. Paste the link location into a text editor. The result is: https://www.yubico.com/products/services-software/challenge-response/
  4. Visit this link, note that you are immediately redirected to https://developers.yubico.com/

The last observed time this page was active appears to be Jan 2021
http://web.archive.org/web/20210117060007/https://www.yubico.com/products/services-software/challenge-response/
The next index of that page by archive.org, on May 2021, redirects to the developers landing page.

Expected Behavior

Send the user to a page either explaining the challenge-reponse functionality of Yubikey or a guide on how to set it up. I'm not sure what this would be, but two suggestions may be:

  1. https://keepassxc.org/docs/#faq-yubikey-howto - I think this is the better option as it quickly describes to the user what they should do.

  2. https://docs.yubico.com/yesdk/users-manual/application-otp/challenge-response.html - This document may be overwhelming to someone new to Yubikey and/or KeepassXC, but has more technical depth.

Actual Behavior

User is redirected to a landing page that doesn't have anything to do with Challenge-Reponse

Context

This is a minor issue I realize, but something I did notice and wanted to document for improvement.

( Paste debug info from Help → About here )

KeePassXC - Version 2.7.9
Revision: 8f6dd13

Qt 5.15.11
Debugging mode is disabled.

Operating system: Windows 11 Version 2009
CPU architecture: x86_64
Kernel: winnt 10.0.22631

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • Passkeys
  • SSH Agent
  • KeeShare
  • YubiKey
  • Quick Unlock

Cryptographic libraries:

  • Botan 3.1.
@BeanBagKing BeanBagKing added the bug label Aug 7, 2024
@droidmonkey droidmonkey self-assigned this Aug 7, 2024
@droidmonkey
Copy link
Member

I agree with changing the link to our own controlled pages where we can out link to yubico and other vendors.

@droidmonkey droidmonkey added this to the v2.7.10 milestone Aug 7, 2024
@BeanBagKing
Copy link
Author

I didn't notice this earlier, but the YouTube video linked is 7 years old, and the Yubikey Personalization Tool reviewed there is no longer under development/is replaced by the Yubikey Manager. It still works, but if there's a more up to date video out, that may be better.

@droidmonkey
Copy link
Member

Yubico does a terrible job with challenge/response instructions.

@github-project-automation github-project-automation bot moved this to To triage in WIP Tracker Sep 23, 2024
droidmonkey added a commit that referenced this issue Oct 1, 2024
@droidmonkey
Minor UI fixes
97e2c49 
* Fixes #11044 - password generator excluded characters tooltip was incorrect

* Fixes #11084 - allow more than 30 days for showing expiring passwords. Also fix the ability to properly translate this control.

* Fixes #11212 - don't show password on creating new database

* Fixes #10726 - improve indication of hardware key polling. Also improve layout spacing of unlock dialog.

* Fixes #11142 - provide better link for challenge-response information
@droidmonkey droidmonkey moved this from In progress to In review in WIP Tracker Oct 1, 2024
@droidmonkey droidmonkey mentioned this issue Oct 5, 2024
Merged
droidmonkey added a commit that referenced this issue Oct 7, 2024
@droidmonkey
Minor UI fixes
64fa7df 
* Fixes #11044 - password generator excluded characters tooltip was incorrect

* Fixes #11084 - allow more than 30 days for showing expiring passwords. Also fix the ability to properly translate this control.

* Fixes #11212 - don't show password on creating new database

* Fixes #10726 - improve indication of hardware key polling. Also improve layout spacing of unlock dialog.

* Fixes #11142 - provide better link for challenge-response information
@github-project-automation github-project-automation bot moved this from In review to Done in WIP Tracker Oct 7, 2024
droidmonkey added a commit that referenced this issue Oct 7, 2024
@droidmonkey
Minor UI fixes
94eb3ff 
* Fixes #11044 - password generator excluded characters tooltip was incorrect

* Fixes #11084 - allow more than 30 days for showing expiring passwords. Also fix the ability to properly translate this control.

* Fixes #11212 - don't show password on creating new database

* Fixes #10726 - improve indication of hardware key polling. Also improve layout spacing of unlock dialog.

* Fixes #11142 - provide better link for challenge-response information
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@droidmonkey droidmonkey

Labels
documentation 📑 feature: Hardware Keys
Projects
WIP Tracker
Archived in project
Milestone
v2.7.10
Development

Successfully merging a pull request may close this issue.

Bunch of UI/UX Fixes - See Description keepassxreboot/keepassxc
2 participants
@droidmonkey @BeanBagKing