• @sun_is_ra@sh.itjust.works
    link
    fedilink
    English
    3210 months ago

    TLDR; the attack is very sophisticated, require hardware access and specialized tools. On the other hand its not possible to patch the vulnerability

    • @Telorand@reddthat.com
      cake
      link
      fedilink
      English
      410 months ago

      To add:

      All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable.

      So if you bought your key from June onward, you are most likely in the clear.

  • Nora
    link
    fedilink
    English
    510 months ago

    I have two of these is there anything else more secure?