Some YubiKey FIPS Keys Allow Attackers to Reconstruct Private Keys

Accepted submission by upstart at 2019-06-15 00:21:33
/dev/random

Submitted via IRC for SoyCow4463

Some YubiKey FIPS Keys Allow Attackers to Reconstruct Private Keys [bleepingcomputer.com]

Yubico issued a security advisory saying that an issue impacting YubiKey FIPS Series devices (versions 4.4.2 and 4.4.4) reduces the strength of generated RSA keys and ECDSA signatures after power-up.

The YubiKey FIPS Series keys affected by this issue are the YubiKey FIPS, the YubiKey Nano FIPS, the YubiKey C FIPS, and the YubiKey C Nano FIPS; other Yubico products are not impacted.

According to Yubico's advisory, "random values leveraged in some YubiKey FIPS applications contain reduced randomness for the first operations performed after YubiKey FIPS power-up."

YubiKey FIPS Series reduced randomness issue

More to the point, on affected Yubico products, the buffer holding the random value that the RSA and ECDSA algorithms use for key derivation contains some predictable data, so the value is not as random as expected. This problem occurs only during the YubiKey's power-up.

However, "After the predictable content in the random buffer is consumed, the buffer will be filled with the intended full random number generator output, and all subsequent use of randomness will not be affected."

Yubico discovered the issue internally and fixed it in YubiKey FIPS Series firmware version 4.4.5, which again was certified as FIPS compliant [nist.gov] on April 30, 2019.

While this issue only affects certain use cases in certain scenarios, the YubiKey FIPS apps that use ECDSA are more at risk than others since the weakened signatures could allow potential attackers who gain access to some signatures to reconstruct the private key.

Use the table below to find out whether your specific use case is impacted by this issue:

YubiOTP and Programmable Slots | Not affected | No immediate action required. However, Yubico recommends replacing keys to avoid using in impacted scenarios later.
Smart Card | Possibly affected – when using EC signatures or operations occurring directly after YubiKey FIPS power-up | Please read the PIV Smart Card [yubico.com] section for details.
FIDO U2F | Affected – when using FIDO U2F directly after YubiKey FIPS power-up | Please read the FIDO U2F [yubico.com] section for details.
OATH One-Time Passwords | Possibly affected – when using OATH OTPs directly after YubiKey FIPS power-up | Please read the OATH One-Time Passwords [yubico.com] section for details.
OpenPGP | Possibly affected – RSA keys generated on YubiKey FIPS directly after power-up | Please read the OpenPGP [yubico.com] section for details.

The company runs an active key replacement program for all impacted FIPS keys and notes that "the majority of affected YubiKey FIPS Series devices have been replaced, or are in process of replacement with updated, fixed versions of the devices."

Additionally, all customers who own a YubiKey FIPS Series device and haven't yet been contacted by Yubico are advised to review the advisory in its entirety and to go to Yubico's YubiKey FIPS Series Replacement Portal [yubico.com] to order a replacement free of charge. 

Yubico provides more details on how this issue impacts different usage scenarios and a list of mitigation measures in the Technical Details section of its security advisory [yubico.com].

Yubico has discovered and fixed an issue with our YubiKey FIPS Series keys, see the following Advisory for technical details and information on how to obtain a free replacement device. No other YubiKey, Security Key or Yubico products are affected. https://t.co/l4ny0ZJfEW [t.co]

— Yubico (@Yubico) June 13, 2019 [twitter.com]

Yubico is not the first vendor to recall security keys this year, with Google doing it for its Bluetooth Low Energy (BLE) Titan Security Keys with a T1 or T2 code just last month [bleepingcomputer.com].

Microsoft is now also blocking the recalled Titan Security Keys [bleepingcomputer.com] and Feitian Multipass (Feitian CTAP1/U2F Security Key) from pairing and connecting to Windows 10 computers as shown in Redmond's ADV190016 [microsoft.com] Bluetooth Low Energy Advisory issued yesterday.

