2017-12-11 13:57 GMT+01:00 Stefan Krah <ste...@bytereef.org>:
> I'm not a fan of hardware key generation. :-)
>
> https://en.wikipedia.org/wiki/YubiKey
>
> "In October 2017, security researchers found a vulnerability (known as ROCA) 
> in the implementation of RSA keypair generation in a cryptographic library 
> used by a large number of Infineon security chips. The vulnerability allows 
> an attacker to reconstruct the private key by using the public key.[18][19] 
> All YubiKey 4, YubiKey 4C, and YubiKey 4 nano within the revisions 4.2.6 to 
> 4.3.4 are affected by this vulnerability.[20] Yubico publicized a tool to 
> check if a Yubikey is affected and replaces affected tokens for free.[21]"

FYI it seems like only RSA private keys generated by old YubiKey keys
are vulnerable to the ROCA attack. OTP authentication is not affected.
See https://www.yubico.com/keycheck/ for more information.

"ROCA: Return Of the Coppersmith Attack": https://lwn.net/Articles/738896/

As I wrote, I chose to use ed25519 for my new SSH key. Maybe it was a
good idea :-)

Victor
_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers
Code of Conduct: https://www.python.org/psf/codeofconduct/
