Yubikey NEO OpenPGP advisory
wk at gnupg.org
Wed Apr 22 21:06:56 CEST 2015
On Wed, 22 Apr 2015 20:27, andreas.schwier.ml at cardcontact.de said:
> Not sure about that. If I loose my card on the street or someone picks
> it from my pocket or my PC, than that is different from a malware attack
Given the rare use of smartcards for non-banking I bet malware is more a
problems. But well, I agree that this is a severe bug. They probably
downplay this bug because of the costs to replace all affected Yubikeys.
> Imagine a bank, SIM or electronic signature card with a malfunctioning
> PIN. Would you consider that a minor bug ? I don't see that this is
Reminds me of the problem with (German) banking cards which had an
easily guessable PIN due to broken BCD conversion code for a decade or
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users