Re: Security advisory for YubiKey 4: RSA generation broken

2017-10-17 Thread NIIBE Yutaka
Hello, For the particular vulnerability, I don't think Gnuk is affected. Here are (at least) three different things to discuss; (1) whether or not key generation on device uses secret parameters, (2) prime number generation method, and (3) entropy source. Since key generation takes time and

Re: Security advisory for YubiKey 4: RSA generation broken

2017-10-17 Thread Marc Haber
On Mon, Oct 16, 2017 at 03:22:35PM -0400, Antoine Beaupré wrote:
> What I would like to know is whether other keycards, like the Nitrokey
> Start, FST-01 or the Zeitcontrol smartcards, are affected.
>
> I suspect only the Nitrokey PRO and Zeitcontrol cards *could* be
> affected (and may not be,

Re: Security advisory for YubiKey 4: RSA generation broken

2017-10-16 Thread Jonathan McDowell
On Mon, Oct 16, 2017 at 09:13:19PM +0200, Yves-Alexis Perez wrote:
> On Mon, 2017-10-16 at 21:06 +0200, Christian Seiler wrote:
> > Unfortunately, as far as I understand it, there's no easy method for
> > detecting these kinds of broken keys without actually attempting to
> > factorize them - and

Re: Security advisory for YubiKey 4: RSA generation broken

2017-10-16 Thread Christian Seiler
On 10/16/2017 09:13 PM, Yves-Alexis Perez wrote:
> On Mon, 2017-10-16 at 21:06 +0200, Christian Seiler wrote:
>> Unfortunately, as far as I understand it, there's no easy method for
>> detecting these kinds of broken keys without actually attempting to
>> factorize them - and while that's feasible

Re: Security advisory for YubiKey 4: RSA generation broken

2017-10-16 Thread Antoine Beaupré
What I would like to know is whether other keycards, like the Nitrokey Start, FST-01 or the Zeitcontrol smartcards, are affected. I suspect only the Nitrokey PRO and Zeitcontrol cards *could* be affected (and may not be, since I heard noises about Gemalto *not* using those routines) but I don't

Re: Security advisory for YubiKey 4: RSA generation broken

2017-10-16 Thread Yves-Alexis Perez
On Mon, 2017-10-16 at 21:06 +0200, Christian Seiler wrote:
> Unfortunately, as far as I understand it, there's no easy method for
> detecting these kinds of broken keys without actually attempting to
> factorize them - and while that's feasible (hence the vulnerability)
> it is still quite

Security advisory for YubiKey 4: RSA generation broken

2017-10-16 Thread Christian Seiler
Hi, Recently a vulnerability in a firmware library used by multiple hardware vendors has been discovered. This vulnerability makes RSA keys generated on those hardware chips much easier to factorize. One of the devices affected is the YubiKey 4 family dongle (YubiKey 4, 4 Nano and 4C). Advisory