SoylentNews is people

posted by Fnord666 on Tuesday June 18 2019, @04:51AM
from the not-so-compliant dept.

Submitted via IRC for SoyCow4463

Some YubiKey FIPS Keys Allow Attackers to Reconstruct Private Keys

Yubico issued a security advisory saying that an issue impacting YubiKey FIPS Series devices (versions 4.4.2 and 4.4.4) reduces the strength of generated RSA keys and ECDSA signatures after power-up.

YubiKey FIPS Series keys affected by this issue are the YubiKey FIPS, the YubiKey Nano FIPS, the YubiKey C FIPS, and the YubiKey C Nano FIPS — other Yubico products are not impacted.

According to Yubico's advisory, "random values leveraged in some YubiKey FIPS applications contain reduced randomness for the first operations performed after YubiKey FIPS power-up."

More to the point, on affected Yubico products, the buffer holding the key derivation random value used by the RSA and ECDSA algorithms contains some predictable data, which leads to the value not being as random as expected. This problem occurs only during the YubiKey's power-up.

However, "After the predictable content in the random buffer is consumed, the buffer will be filled with the intended full random number generator output, and all subsequent use of randomness will not be affected."

Yubico discovered the issue internally and fixed it in YubiKey FIPS Series firmware version 4.4.5, which again was certified as FIPS compliant on April 30, 2019.


Original Submission
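
The power-up behaviour quoted from the advisory, as an added toy model (not Yubico's firmware code and not part of the original story): it counts how many bits of each value drawn after power-up actually come from the random number generator. The buffer size, the number of predictable bytes and their contents are assumptions made for illustration; the story does not state them.

```python
import os

# Assumed for illustration only: the story does not say how much of the
# buffer is predictable at power-up, or what it contains.
PREDICTABLE_BYTES = 10
BUFFER_SIZE = 64


class PowerUpBuffer:
    """Toy model of a random buffer that is partly predictable after power-up."""

    def __init__(self, rng=os.urandom):
        self._rng = rng
        self.power_up()

    def power_up(self):
        # Leading bytes are guessable leftover content (constructed pattern);
        # only the remainder comes from the random number generator.
        stale = bytes(range(PREDICTABLE_BYTES))
        fresh = self._rng(BUFFER_SIZE - PREDICTABLE_BYTES)
        # Each entry is (byte value, True if it came from the RNG).
        self._buf = [(b, False) for b in stale] + [(b, True) for b in fresh]

    def draw(self, n):
        """Return (value, unknown_bits) for the next n bytes of the buffer."""
        out, unknown = bytearray(), 0
        for _ in range(n):
            if not self._buf:
                # Predictable content was consumed earlier: refill with
                # full random number generator output.
                self._buf = [(b, True) for b in self._rng(BUFFER_SIZE)]
            byte, is_random = self._buf.pop(0)
            out.append(byte)
            unknown += 8 if is_random else 0
        return bytes(out), unknown


def entropy_after_power_up(draw_sizes):
    """Unknown bits in each successive draw following a single power-up."""
    buf = PowerUpBuffer()
    return [buf.draw(n)[1] for n in draw_sizes]


if __name__ == "__main__":
    # Three 32-byte values requested right after power-up.
    print(entropy_after_power_up([32, 32, 32]))
```

Only the first value drawn after power-up is weakened in this model; once the predictable bytes are consumed, every later draw has full strength, which matches the advisory's statement about subsequent use of randomness.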

  • (Score: 2) by c0lo on Tuesday June 18 2019, @05:53AM (3 children)

    by c0lo (156) Subscriber Badge on Tuesday June 18 2019, @05:53AM (#856899) Journal

    At a glance: WTF is YubiKey and who is Yubico, and why would I care?

    Is it so hard to insert a link to Wikipedia [wikipedia.org] and/or a short explanatory paragraph like:

    The YubiKey is a hardware authentication device manufactured by Yubico that supports one-time passwords, public-key encryption and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. ... Facebook uses YubiKey for employee credentials, and Google supports it for both employees and users. Some password managers support YubiKey. Yubico also manufactures the Security Key, a device similar to the YubiKey, but focused on public-key authentication.

    Based on the above, I can clearly say I don't give a damn about TFA.
    Thanks, editors, for making me waste like 5 mins of my time berating you, it's always a pleasure! (grin)

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 2) by canopic jug on Tuesday June 18 2019, @07:34AM (2 children)

      by canopic jug (3949) Subscriber Badge on Tuesday June 18 2019, @07:34AM (#856907) Journal

      They're nearly ubiquitous hardware tokens such that they're nearly synonymous with them. Nitrokeys are a distant competitor closing in on their market share. Then there are some lesser known brands, and even some home-grown solutions, out there, such as the FST-01. So it would be strange to add a link explaining Yubikeys, besides you would have then missed your chance to post about not knowing what hardware tokens are and then miss a subsequent chance for a follow up post to explain how it came to be that you didn't already know. ;)

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 4, Informative) by c0lo on Tuesday June 18 2019, @08:07AM (1 child)

        by c0lo (156) Subscriber Badge on Tuesday June 18 2019, @08:07AM (#856915) Journal

        They're nearly ubiquitous hardware tokens such that they're nearly synonymous with them...

        May be ubiquitous in USA, I'm yet to see any in Australia.

        So it would be strange to add a link explaining Yubikeys, besides you would have then missed your chance to post about not knowing what hardware tokens are and then miss a subsequent chance for a follow up post to explain how it came to be that you didn't already know. ;)

        At least where I work (US multinational corp), we are still using 3rd-party mobile apps for MFA to telecommute and a RFID card to open the door.
        Never felt that I'd need something else, so I still don't give a damn about TFA.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 0) by Anonymous Coward on Tuesday June 18 2019, @02:38PM

          by Anonymous Coward on Tuesday June 18 2019, @02:38PM (#856998)

          Then you're not really affected by this, then are you? I have a couple and they're quite a bit better than those 3rd party mobile apps. I have a couple of keys, one that comes with me and another that's stored in case the original is lost or stolen.

          Plenty of places in the US still use those stupid apps, but they're rather stupid. My web host still uses that.

  • (Score: 0) by Anonymous Coward on Tuesday June 18 2019, @02:16PM (2 children)

    by Anonymous Coward on Tuesday June 18 2019, @02:16PM (#856990)

    1. Get a lot of people to buy your product
    2. Find a security vulnerability, release a new version with a fix
    3. Everyone has to buy the new version to get the fix.
    4. Repeat every so often.
    5. Profit!!!

    • (Score: 3, Informative) by rigrig on Tuesday June 18 2019, @02:52PM

      by rigrig (5129) <soylentnews@tubul.net> on Tuesday June 18 2019, @02:52PM (#857003) Homepage

      Except in this case
      3. Everyone has to buy the new version to get the fix.
      3. All affected customers get offered a free replacement.

      --
      No one remembers the singer.
    • (Score: 0) by Anonymous Coward on Tuesday June 18 2019, @03:00PM

      by Anonymous Coward on Tuesday June 18 2019, @03:00PM (#857006)

      Except that they're giving free replacements for the affected hardware.

  • (Score: 0) by Anonymous Coward on Tuesday June 18 2019, @04:32PM

    by Anonymous Coward on Tuesday June 18 2019, @04:32PM (#857052)

    I dunno why but when I see FIPS I think backdoored... Oh yeah maybe it's because of FIPS-185.
