A couple notes about the Infineon timing side channel affecting most YubiKeys.
1. yubikey-agent is unaffected in the evil maid threat model as the attacker needs physical access *and PIN*
2. lol, Infineon
3. Go mitigates timing side-channels in ECDSA nonce inversion by not being clever and just using Fermat's little theorem, which is as simple as a constant time exponentiation by p - 2 (which can be optimized with @mbmcloughlin's addchain)
https://ninjalab.io/eucleak/
https://www.yubico.com/support/security-advisories/ysa-2024-03/
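An illustration of point 3, added here and not taken from the post or from Go's standard library: inverting a nonce `k` by raising it to the modulus minus 2 runs the same sequence of modular operations for every `k`, while Euclid's algorithm takes an input-dependent number of steps. The names `fermatInverse` and `euclidSteps` and the sample nonces are constructed for this example; the modulus is the P-256 group order, and `math/big` itself is not constant time, so only the operation schedule is shown.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// order is the P-256 group order, the prime modulus used for ECDSA nonce inversion.
var order = elliptic.P256().Params().N

// fermatInverse (hypothetical helper) returns k^(m-2) mod m for prime m, plus the
// number of modular operations performed. Branches depend only on the bits of the
// public exponent m-2, never on k. big.Int arithmetic is NOT constant time; a real
// implementation needs fixed-width constant-time field arithmetic underneath.
func fermatInverse(k, m *big.Int) (*big.Int, int) {
	e := new(big.Int).Sub(m, big.NewInt(2))
	r, ops := big.NewInt(1), 0
	for i := e.BitLen() - 1; i >= 0; i-- {
		r.Mul(r, r).Mod(r, m) // square on every exponent bit
		ops++
		if e.Bit(i) == 1 { // public bit of m-2
			r.Mul(r, k).Mod(r, m)
			ops++
		}
	}
	return r, ops
}

// euclidSteps (hypothetical helper) counts the division steps Euclid's algorithm
// takes on (m, k). The count varies with k, which is what a timing channel observes.
func euclidSteps(k, m *big.Int) int {
	a, b, steps := new(big.Int).Set(m), new(big.Int).Set(k), 0
	for b.Sign() != 0 {
		a.Mod(a, b)
		a, b = b, a
		steps++
	}
	return steps
}

func main() {
	// Constructed sample nonces, not real key material.
	for _, s := range []string{"1", "2", "123456789", "0xdeadbeefcafef00d1234567890abcdef"} {
		k, _ := new(big.Int).SetString(s, 0)
		inv, ops := fermatInverse(k, order)
		ok := inv.Cmp(new(big.Int).ModInverse(k, order)) == 0
		fmt.Printf("k=%-36s fermat ops=%d euclid steps=%d matches ModInverse=%v\n",
			s, ops, euclidSteps(k, order), ok)
	}
}
```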