
What exactly happens when you use 2FA with "Password" + "Yubikey HMAC" Login in KeePassXC?

Çağlar Arlı      -    16 Views

Use case: KeePassXC is configured with a Password + Yubikey HMAC.

I am trying to understand the exact steps that happen.

I think the first five steps are clear:

  1. Open KeePassXC
  2. Enter Password
  3. Select Hardware Key
  4. Click unlock
  5. Yubikey is blinking

Now comes the part I struggle to understand.

The next steps, beginning with step six, are pure guesses; please correct me.

  6. Does the KeePassXC application send something like a challenge based on the entered password to the Yubikey?
  7. Touch Yubikey
  8. The Yubikey computes the challenge with the stored HMAC secret and sends the result back to the KeePassXC application.

Or are there more or different inputs than the password involved in the generation of the challenge that was created by KeePassXC?