From db20f733e8d6bbf5bb5ec6dfca241a4093a4f289 Mon Sep 17 00:00:00 2001 From: "Jan Knittel (Nitrokey)" Date: Thu, 9 Jul 2026 14:02:44 +0000 Subject: [PATCH] update: Nitrokey section on OTP secrets (#3252) Signed-off-by: fria Signed-off-by: Daniel Gray --- docs/security-keys.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security-keys.md b/docs/security-keys.md index 14885916b..dc1bb1f24 100644 --- a/docs/security-keys.md +++ b/docs/security-keys.md @@ -102,7 +102,7 @@ Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/

Warning

-Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks. +Starting with Nitrokey 3, HOTP and TOTP secrets are additionally encrypted at rest. Older Nitrokey devices like Nitrokey Pro 2 and Nitrokey Storage 2 did not encrypt OTP secrets at rest, which makes the OTP secrets on these devices potentially vulnerable to physical attacks.