Sophisticated attack breaks security assurances of the most popular FIDO key.

  • qprimed
    link
    fedilink
    English
    53 months ago

    These chips and the vulnerable part of the cryptographic library went through about 80 CC certification evaluations of level AVA VAN 4 (for TPMs) or AVA VAN 5 (for the others) from 2010 to 2024 (and a bit less than 30 certificate maintenances).

    confidently insecure. just the way we all like things.

  • @[email protected]
    link
    fedilink
    English
    43 months ago

    Considering how much they charge per key, they can probably send out new keys to everyone without making much a dent in their profits.