#Feitian


Side-channel #EUCLEAK attack discovered on devices using the Infineon cryptographic library, like the YubiKey 5 series (firmware <5.7) and Feitian A22 JavaCard.

But it does require a fair amount of factors to succeed: username, password, physical access, additional equipment, and for the cryptographic operations to involve modular inversions, like ECDSA.

There are two phases to the attack:

(1) The online phase requires opening the device to access the microcontroller, then using an electromagnetic probe, an oscilloscope, and a computer to capture the electromagnetic side-channel signals during operation.

(2) The offline phase (physical access no longer necessary) supposedly takes time varying from one hour to one day for each secret to uncover.

ninjalab.io/wp-content/uploads

Replied in thread

@me

After having many different security key vendors and form factors, I think you may have a variety of keys for different use cases. Some keys for dev/test, some for production, some for 3rd party services and may use them differently. Daily driver vs infrequent access.

I've been a big fan of the Feitian BioPass line. Their biometric keys are great for everyday use shop.ftsafe.us/collections/bio

The AuthenTrend ATKey.Pro has a really small form factor biometric which you can leave plugged in on a laptop if you want. authentrend.com/atkey-pro/

But the thing is with these keys, you need to be mindful of where you want to use it. Have a device that only has a lightning connector? Better make sure you get a compatible key.

Also be aware of Bluetooth and NFC limitations on devices and OSes.

I would stick to USB-C keys these days, and while you might need a dongle for USB-A systems I think those will become less and less.

I hope as we see more device support for passkeys I think this will grow into the predominant usage, but there will still be the need/desire for single device keys.

passkeys.dev/device-support/
