Why clone a yubikey when you can simply steal it and leave an identical looking one that just doesn't work and the user is just going to be confused for a bunch of time without realising that someone else has their 2FA token now
-
Why clone a yubikey when you can simply steal it and leave an identical looking one that just doesn't work and the user is just going to be confused for a bunch of time without realising that someone else has their 2FA token now
-
@mjg59 They could actually make that type of attack much harder if they made the overmolding of these things in a nice swirly two-color process so each one is a bit different.
-
-
-
-
@riley @joe You don't even need glitter for that. A simple sticker and a printed transparent sheet is enough. To make the sticker impossible to remove, you can just make it out of a fragile material such as thin aluminium foil and use a strong, chemically resistant adhesive.
Naor and Shamir introduced a scheme similar to what you describe in 1995. Their scheme even achieves information-theoretical security. Paper link:
-