Michał "rysiek" Woźniak · 🇺🇦Sep 3, 2024

Ok, here's the deal on the "YubiKey cloning attack" stuff:

 Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.

But the attack *requires*:

👉 *physically opening the YubiKey enclosure*

👉 physical access to the YubiKey *while it is authenticating*

👉 non-trivial electronics lab equipment

I cannot stress this enough:

✨ In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one. ✨

#InfoSec #YubiKey5

Show threadvifon
@rysiek In other words: in a very specific scenario you can be at worst just as secure with a YubiKey as you'd be without it. And this is the worst case scenario.
Sep 3, 2024 at 8:24pmWeb
Show threadMichał "rysiek" Woźniak · 🇺🇦Sep 3, 2024
@vifon correct