Le mardi 17 octobre 2017 à 13:33 +0300, Eyal Edri a écrit : > Thanks, > > So if I have an old YubiKey ( 2.43 ) I shouldn't be affected right? > only V4 > is ?
That's what the post on yubico.com seems to imply. We do not know what chipset is used in the key, so I can't give a educated guess. But I hear people using yubikey neo weren't affected. Now, only the CCID function is problematic, and only if you did generate the ssh key on the chip (e.g., followed official doc on https ://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html and used "yubico-piv-tool -s 9a -a generate -o public.pem" ) If you imported the key, then that should be ok. If you use the yubikey for non smartcard use (e.g. U2F, 2FA for RH VPN or similar system ), that's ok too. > On Tue, Oct 17, 2017 at 12:56 PM, Marc Dequènes (Duck) > <[email protected]> > wrote: > > > Quack, > > > > So the news (thanks Misc for the alert): > > > > https://www.infineon.com/cms/en/product/promopages/rsa- > > update/rsa-background > > > > This affects Yubikeys and other hardware: > > https://www.yubico.com/support/security-advisories/ysa-2017-01/ > > > > There's a nice tool to test if a key is vulnerable: > > https://github.com/crocs-muni/roca > > > > I tested keys in the oVirt Puppet repository and none are affected. > > > > You may check your other keys and ensure keys are checked in other > > projects. > > > > \_o< > > > > > > _______________________________________________ > > Infra mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/infra > > > > > > > _______________________________________________ > Infra mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/infra -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Infra mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/infra
