**🇺🇦🇪🇺 cweickhmann** @cweickhmann@qoto.org · 2023-01-18T08:17:15Z

🇺🇦🇪🇺 cweickhmann @cweickhmann@qoto.org

🇺🇦🇪🇺 cweickhmann @cweickhmann@qoto.org

Just a question to the devs who make password wallets etc using GPG: Why do you tell the user, they got only 3 attempts at entering their private key's password?

They don't. They have infinite attempts because they own the key file. I've seen this in #KDE and #Gnome now.

#Software #GPG #KWallet

Jan 18, 2023, 08:17 · · · ·

**Andrius Štikonas** @stikonas@fosstodon.org · Jan 19, 2023, 14:50

**Andrius Štikonas** @stikonas@fosstodon.org · Jan 19, 2023, 14:50

Jan 19, 2023, 14:50

Andrius Štikonas @stikonas@fosstodon.org

@cweickhmann If users use physical token for GPG keys such as #gnuk token (or anything similar implementing #openpgpcard standard) then they really have only 3 attempts. After 3 wrong attempts token is semi locked and needs Admin PIN to unlock. After 3 wrong admin PIN attempts private key is erased.

**🇺🇦🇪🇺 cweickhmann** @cweickhmann@qoto.org · Jan 19, 2023, 15:40

**🇺🇦🇪🇺 cweickhmann** @cweickhmann@qoto.org · Jan 19, 2023, 15:40

Jan 19, 2023, 15:40

🇺🇦🇪🇺 cweickhmann @cweickhmann@qoto.org

@stikonas That is right, but the password manager or the key manager should expose this property.

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…