From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Date: Wed, 18 Jun 2014 21:24:51 +0100
Subject: Re: [gentoo-user] Re: yubikey

On Wed, 18 Jun 2014 19:23:25 +0000 (UTC), James wrote:

> OK, let's skip any RF backdoors installed by the manufacturer,
> as those always exist, but are 'out of scope', for now.
>
>
> U see this?
>
> http://www.unrest.ca/evaluating-the-security-of-the-yubikey

I hadn't. At first glance it appears to relate to their OTP service, which I don't use. I use it with a static password as part of a two factor approach, so you would need to get physical access to the key for long enough to grab the password and know the other part of the password.

-- 
Neil Bothwick

When you go to court you are putting yourself in the hands of 12 people
that were not smart enough to get out of jury duty.