Yubikey NEO OpenPGP advisory

Werner Koch wk at gnupg.org
Wed Apr 22 20:05:30 CEST 2015

On Wed, 22 Apr 2015 18:06, andreas.schwier.ml at cardcontact.de said:

> And contrary to the Yubico position that this is a minor issue, I would
> call the circumvention of the PIN mechanism a major issue. If you loose
> the device, then you loose the key.

You mean anyone can use the key, right.  However, any simple malware can
be used to sniff on a user entering the PIN.  I doubt that most pinpad
readers can protect against this: It is easy to trick most users into
entering the PIN using the regular keyboard instead of the pinpad.  In
fact old version of GnuPG required this in certain cases.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list