Yubikey NEO OpenPGP advisory
Werner Koch
wk at gnupg.org
Wed Apr 22 20:05:30 CEST 2015
On Wed, 22 Apr 2015 18:06, andreas.schwier.ml at cardcontact.de said:
> And contrary to the Yubico position that this is a minor issue, I would
> call the circumvention of the PIN mechanism a major issue. If you loose
> the device, then you loose the key.
You mean anyone can use the key, right. However, any simple malware can
be used to sniff on a user entering the PIN. I doubt that most pinpad
readers can protect against this: It is easy to trick most users into
entering the PIN using the regular keyboard instead of the pinpad. In
fact old version of GnuPG required this in certain cases.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list