Hello everyone,

It seems to go against the normal OpenBSD way of doing things to remove the 
keyboard functionality of Yubikeys on a kernel level.

It is my understanding that this was more of a comfort decision because people 
were accidentally emitting their OTP.

The proper solution is to configure your Yubikey by moving your OTP to the 
second slot.

This change has crippled one of my use cases in which I stored a very long 
password in slot 2. This way I could use it for, say, part of my FDE password 
with other parts kept in my head (this still works fine) and I also did the 
same with my KeePassXC database. Now broken.

What irritates me about this is that it caters to something which can easily be 
avoided by configuring the Yubikey properly and maybe I am wrong but I don’t 
believe it’s a change which mitigates a security threat as other security keys 
seem unaffected.

I will migrate KeePassXC to use challenge-response or something. I have tons of 
Yubikeys lying around so I can use them.

I did have the thought process about reading the data using usbhidctl and 
getting ASCII output. Has anyone done that?

Kind regards,

Johnathan 
