I have seen several posts about the PIN for the Librem 5 (the phone) being only 6 digits. These posts are years old. Yet, that still seems to be the situation for the Librem 14 laptop with the Librem Key. So:
-
Is this true?
-
Is it 6 digits or any 6 characters? 6 digits = 1 million possibilities. If upper/lower case letters are also allowed, it is 57 billion. If special characters can be used also, it’s about 262 billion. Both of which are a bit of an improvement over 1 million.
-
Can a delay be set? At one try per second, 6 digits is insufficient (6 days on average to guess), but 57 to 262 billion is probably fine. Still, why not just allow 10+ digits? Your web site requires a 10 digit password to sign up!
-
Was a duress PIN ever implemented to wipe the system?
-
Why do I even want a Librem Key if the password is limited to 6 digits? The only advantage I see is the blinking red LED. But with only a million possibilities, I am not sure they couldn’t fool the key by altering the code to have the same checksum.
Thank you!