It’s due to a cryptographic library implementation in a controller used in the YubiKey. It’s a third-party controller, and this isn’t exclusive to YubiKeys either; a shitload of other stuff uses the same controller and is likely vulnerable to the same attack.
Also, the attack requires around $10k worth of equipment and physical access to the YubiKey, so while a valid attack vector, it’s also not something to get into a panic about.
It's definitely not something a regular user should panic over. But it's a huge deal since a lot of high-security, sensitive targets also rely on the same library.
Definitely. Not to be ignored, but for lots of YubiKey users, also not something to be overly worried about.
It's pretty concerning if my backup key can just be cloned that easily. It means now I need to invest in a much better safe, which I guess was probably always a good idea.
Do you consider $10,000 of equipment plus breaking your safe and extracting your PIN to be easy? Who did you get on the wrong side of!?