home.social
Sign in Create account

#yubiotp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #yubiotp, aggregated by home.social.

  1. Todd A. Jacobs | Pragmatic Cybersecurity @[email protected] ·

    Don't dismiss the #Yubico security advisory, but don't panic either. My hot take, pending further analysis of the full 88-page report, is that at present the problem is limited to ECC signing functions and doesn't provide a practical attack surface for keys that remain in your physical possession, use non-cached KDF for PINs, and aren't connected to untrusted hardware.

    1. Read yubico.com/support/security-ad to learn more about what's wrong, and the full 88-page technical report available from ninjalab.io/eucleak/.

    2. Stop here if you don't use the #FIDO2, #OpenPGP, or #PIV functions of the card.

    If you do have an affected firmware version AND are using elliptic curves for signing, there are some mitigations you can take.

    1. Run KDF setup if you haven't already, and then regenerate your PIN numbers for all affected protocols on vulnerable keys. NB: I couldn't find this in the advisory, but it makes sense if you stop and think about it.

    2. Add a PIN to your FIDO2 authentication on affected firmware versions.

    3. Disable the "touch cache" feature on the key to limit the potential window of exposure window on untrusted hardware.

    4. Switch all #ECDSA signing and attestation keys to use #RSA instead of an elliptic curve algorithm if possible. This is generally the default for most impacted functions, but may have been changed by advanced users or by organizational policy. NB: For OpenPGP, make sure you generate a revocation certificate for your signing key first before replacing the signature slot. This may impact other OpenPGP keys too if they were signed with the ECC key, so you might need to re-sign or regenerate your other keys as well.

    5. If you rely on FIDO2, supplement your FIDO2 authentication with an additional factor if possible.

    6. Revoke and replace keys that must use ECC algorithms for signing keys, use FIDO2 without an additional factor, are likely to be exposed to untrusted hardware, or that can't be used with a device PIN.

    The only thing that really makes this vulnerability inconvenient is that the firmware of affected keys can't be replaced. I have seen no announcements about whether or not Yubico will be offering some kind of replacement program to affected customers, but users of RSA signature keys, the default Yubico attestation certificates, or the #YubiOTP protocol do not appear to be impacted at this time.

    #yubico #fido2 #openpgp #piv #ecdsa #rsa