June 17, 2019 at 08:59 AM

https://www.yubico.com/support/security-...a-2019-02/

"For ECDSA signatures, the nonce K becomes significantly biased with up to 80 of the 256 bits being static, resulting in weakened signatures"

which implies that if you collect 3 signatures from a vulnerable FIPS Yubikey, you can calculate the private key

"For ECDSA signatures, the nonce K becomes significantly biased with up to 80 of the 256 bits being static, resulting in weakened signatures"

which implies that if you collect 3 signatures from a vulnerable FIPS Yubikey, you can calculate the private key