[Gnuk-users] Admin less mode (opt-out possible)

[NIIBE Yutaka]

Alexander Paetzelt | Nitrokey <alex at nitrokey.com> wrote:
> Is it may possible to disable this feature during compilation (in
> future)?

Not for Gnuk from here.  If you really want to do that, detecting the
condition where user PIN setting with no admin PIN is possible, so,
returning an error in that condition can be done by some changes.  But,
I am afraid that it just introduces more confusion.

I think that documentation and education issues should be handled in
some appropriate place.

Well, it would be good if user can examine the status (admin-less or
not).

The admin-less mode has been widely used (by most Gnuk users).  That's
because the main purpose of Gnuk is to minimize attack surface.

When admin PIN is enabled, it means that it doubles a part of surface
(another three-time attempts are possible).
--