* [gentoo-project] Nitrokey Pro not vulnerable to the Nitrokey Start read-only bit
@ 2019-04-30 17:06 99% Robin H. Johnson
0 siblings, 0 replies; 1+ results
From: Robin H. Johnson @ 2019-04-30 17:06 UTC (permalink / raw
To: gentoo-project
[-- Attachment #1: Type: text/plain, Size: 1182 bytes --]
TL;DR: The Foundation/Nitrokey partnership is sending Nitrokey Pro units
that are not the same as the Nitrokey Start units vulnerable to hands-on
key extraction attack.
As a few people have asked about it:
There was a production batch of "Nitrokey Start" units that did not have
a read-protection bit configured, and thus were vulnerable to a key
extraction attack:
https://github.com/rot42/gnuk-extractor
The issue was specific to a batch of hardware that was mis-programmed,
and the issue is not present on newer Nitrokey Start units.
https://github.com/Nitrokey/nitrokey-start-firmware/issues/14
The Foundation/Nitrokey partnership is providing Nitrokey Pro 2 units,
which are supposedly not vulnerable to this issue (but I'd be happy for
a hardware hacker to confirm this, I understand that the Pro2 has a
seperate smartcard internally)
If you already had an older Nitrokey Start unit, reviewing/updating the
firmware is advised.
--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 1113 bytes --]
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2019-04-30 17:06 99% [gentoo-project] Nitrokey Pro not vulnerable to the Nitrokey Start read-only bit Robin H. Johnson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox