#feitian — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #feitian, aggregated by home.social.
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.
But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.
There are two phases to the attack:
(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.
(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
#ninjalab #eucleak #sidechannel #attack #infineon #yubikey #feitian
-
updated #fido2 #fido #securitykey #comparison draft Version 0.8
#yubikey #nitrokey #gotrust #feitian #solokey #titan #google
#mfa #u2f@Fr333k @matthegap @shellsharks @FritzAdalis
@heisecIf updates are needed Post a reply here
Credits to