home.social

#feitian — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #feitian, aggregated by home.social.

  1. Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.

    But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.

    There are two phases to the attack:

    (1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.

    (2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.

    ninjalab.io/wp-content/uploads

    #ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian

  2. Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.

    But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.

    There are two phases to the attack:

    (1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.

    (2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.

    ninjalab.io/wp-content/uploads

    #ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian

  3. Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.

    But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.

    There are two phases to the attack:

    (1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.

    (2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.

    ninjalab.io/wp-content/uploads

    #ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian

  4. Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.

    But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.

    There are two phases to the attack:

    (1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.

    (2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.

    ninjalab.io/wp-content/uploads

    #ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian

  5. @me

    After having many different security key vendors and form factors, I think you may have a variety of keys for different use case. Some keys for dev/test, some for production, some for 3rd party services and may use them differently. Daily driver vs infrequent access.

    I've been a big fan of the Feitian BioPass line. Thier biometric keys are great for everyday use shop.ftsafe.us/collections/bio

    The AuthenTrend ATKey.Pro has a really small form factor biometric which you can leave plugged in on a laptop if you want. authentrend.com/atkey-pro/

    But thing is with these keys, you need to be mindful of where you want to use it. Have a device that only has a lightning connector? Better make sure you get a compatible key.

    Also be aware of Bluetooth and NFC limitations on devices and OSes.

    I would stick to USB-C keys these days, and while you might need a dongle for USB-A systems I think those will become less and less.

    I hope as more we see more device support for passkeys I think this will grow into the predominant usage, but there will still be the need/desire for single device keys.

    passkeys.dev/device-support/

    #securitykeys #fido2 #yubikey #passkey #feitian #authentrend #passwordless

  6. @me

    After having many different security key vendors and form factors, I think you may have a variety of keys for different use case. Some keys for dev/test, some for production, some for 3rd party services and may use them differently. Daily driver vs infrequent access.

    I've been a big fan of the Feitian BioPass line. Thier biometric keys are great for everyday use shop.ftsafe.us/collections/bio

    The AuthenTrend ATKey.Pro has a really small form factor biometric which you can leave plugged in on a laptop if you want. authentrend.com/atkey-pro/

    But thing is with these keys, you need to be mindful of where you want to use it. Have a device that only has a lightning connector? Better make sure you get a compatible key.

    Also be aware of Bluetooth and NFC limitations on devices and OSes.

    I would stick to USB-C keys these days, and while you might need a dongle for USB-A systems I think those will become less and less.

    I hope as more we see more device support for passkeys I think this will grow into the predominant usage, but there will still be the need/desire for single device keys.

    passkeys.dev/device-support/

    #securitykeys #fido2 #yubikey #passkey #feitian #authentrend #passwordless

  7. @me

    After having many different security key vendors and form factors, I think you may have a variety of keys for different use case. Some keys for dev/test, some for production, some for 3rd party services and may use them differently. Daily driver vs infrequent access.

    I've been a big fan of the Feitian BioPass line. Thier biometric keys are great for everyday use shop.ftsafe.us/collections/bio

    The AuthenTrend ATKey.Pro has a really small form factor biometric which you can leave plugged in on a laptop if you want. authentrend.com/atkey-pro/

    But thing is with these keys, you need to be mindful of where you want to use it. Have a device that only has a lightning connector? Better make sure you get a compatible key.

    Also be aware of Bluetooth and NFC limitations on devices and OSes.

    I would stick to USB-C keys these days, and while you might need a dongle for USB-A systems I think those will become less and less.

    I hope as more we see more device support for passkeys I think this will grow into the predominant usage, but there will still be the need/desire for single device keys.

    passkeys.dev/device-support/

    #securitykeys #fido2 #yubikey #passkey #feitian #authentrend #passwordless