> On Apr 22, 2015, at 3:07 PM, Peter Lebbing <pe...@digitalbrains.com> wrote:
> 
> What does a smartcard protect against?
> 
> Leaking the private key. It protects against more copies of
> the private key material existing.
> 
> Explicitly not /usage/ of the key by unauthorized people; it
> cannot protect against that. 

The smart card offers protection against copying of the key, but it includes 
the PIN to protect against unauthorized use. While not as absolute as the 
protection against copying, the PIN is an effective second factor; in the case 
of NFC, which is a big use case for the Yubikey, an attacker would need to 
shoulder-surf the PIN, capture it with malware, or get near enough with an NFC 
sniffer [1] to capture the PIN while the legitimate user is entering it. 

Removing the PIN from the equation removes the protection from unauthorized 
use. Obtaining a fraudulent signature is as simple as hovering an NFC 
smartphone within range of a defective token; it will sign any data transmitted 
to it. And since the Yubikey is designed to live on a user’s (physical) 
keychain, it is not at all difficult to imagine a scenario where an attacker 
could gain this level of proximity without attracting attention. This is before 
we address the issue of lost or seized devices. 

Personally, I think that it’s unsafe to have a PGP key on an old Yubikey that 
exhibits this vulnerability, which is why I submitted it to the list. 

[1]: http://hydrabus.com/hydranfc-1-0-specifications/

-- 

Joey Castillo
www.joeycastillo.com


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to