Security is hard

    SpaceLifeForm wrote (#1):

    Security is hard.

    The TL;DR is: Do not lose possession of your private key.

    https://ninjalab.io/eucleak/

    The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows to create a clone of the FIDO device.

    All YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack and in fact all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack.

    https://www.yubico.com/support/security-advisories/ysa-2024-03/

    #2FA #SideChannel #ConstantTime

      SpaceLifeForm wrote (#2):

      Interesting. The server side software used to preview the first link that was not 404, and that did not happen in this case.

        Experimental Alt :v_bi: wrote (#3):

        @SpaceLifeForm
        Interesting read
        Thanks for sharing

          SpaceLifeForm wrote (#4):

          @DurtyMind

          Thanks for reading.

          You have no idea the rabbit holes I visited.
