• @tburkhol
    link
    English
    164 months ago

    Also, at least for the Yubi implementation, fixable in software, firmware >= 5.7 not vulnerable. Also not upgradeable, so replace keys if you’re worried about nation-state attacks.

    • hash
      link
      English
      114 months ago

      for reference 5.7 began shipping with keys May of this year.

    • @[email protected]
      link
      fedilink
      English
      74 months ago

      I went into the article thinking I’d need to replace my keys, and after reading decided I’m a very unlikely target for this attack. My threat model doesn’t include nation states, so I’m gonna keep using my yubikeys for the foreseeable future.

      I have been thinking about new hardware key(s) that can handle more than 20 passkeys, but that’s not a high priority for me right now.