Yubico Epic Fail
by geshem - June 17, 2019 at 08:59 AM
#1
https://www.yubico.com/support/security-...a-2019-02/

"For ECDSA signatures, the nonce K becomes significantly biased with up to 80 of the 256 bits being static, resulting in weakened signatures"

which implies that if you collect 3 signatures from a vulnerable FIPS Yubikey, you can calculate the private key
#2
geshem Wrote: https://www.yubico.com/support/security-...a-2019-02/

"For ECDSA signatures, the nonce K becomes significantly biased with up to 80 of the 256 bits being static, resulting in weakened signatures"

which implies that if you collect 3 signatures from a vulnerable FIPS Yubikey, you can calculate the private key

people in the UK: "the fact that they are biased is not the worst thing about nonces"
#3
At least they are transparent with the issue and they have a replacement process!
#4
(June 17, 2019 at 08:59 AM)geshem Wrote: https://www.yubico.com/support/security-...a-2019-02/

"For ECDSA signatures, the nonce K becomes significantly biased with up to 80 of the 256 bits being static, resulting in weakened signatures"

which implies that if you collect 3 signatures from a vulnerable FIPS Yubikey, you can calculate the private key

I'm pretty sure it doesn't work like that. It just reduces the search space of the key down to 256-80 and increases the chance that you could forge a signature. Unlikely to be exploited in a real-world attack.
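
The advisory sentence quoted in this thread describes nonces in which up to 80 of the 256 bits stay static. As an added example (not part of the thread and not Yubico's code), here is a stuck-bit health check that a test harness could run over nonces captured from a generator before release. The function names, the 64-sample minimum and the placement of the static bits at the top of the constructed faulty source are assumptions made for illustration.

```python
import secrets

NONCE_BITS = 256  # size of the ECDSA nonce k in the quoted advisory text
FULL_MASK = (1 << NONCE_BITS) - 1


def static_bit_mask(nonces):
    """Return a mask of the bit positions that never changed across the samples."""
    always_one = FULL_MASK
    ever_one = 0
    for k in nonces:
        always_one &= k   # bits that were 1 in every sample
        ever_one |= k     # bits that were 1 in at least one sample
    always_zero = ~ever_one & FULL_MASK
    return always_one | always_zero


def health_check(nonces, min_samples=64):
    """Count static bits. With n samples a healthy bit looks static with p = 2**-(n-1)."""
    if len(nonces) < min_samples:
        raise ValueError("too few samples to tell static bits from chance")
    static = bin(static_bit_mask(nonces)).count("1")
    return {
        "static_bits": static,
        "variable_bits": NONCE_BITS - static,
        "healthy": static == 0,
    }


def constructed_biased_source(static_bits=80):
    """Constructed stand-in for a faulty RNG: the top `static_bits` bits are fixed.

    Where the static bits sit is an assumption; the quoted text does not say.
    """
    fixed = secrets.randbits(static_bits) << (NONCE_BITS - static_bits)
    return lambda: fixed | secrets.randbits(NONCE_BITS - static_bits)


def sample(source, n=128):
    """Draw n nonces from a zero-argument source function."""
    return [source() for _ in range(n)]


if __name__ == "__main__":
    print("faulty :", health_check(sample(constructed_biased_source())))
    print("healthy:", health_check(sample(lambda: secrets.randbits(NONCE_BITS))))
```

The check only sees bits that are literally stuck, so it complements rather than replaces statistical RNG tests.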
