Yubikey NEO OpenPGP advisory

Werner Koch wk at gnupg.org
Wed Apr 22 21:06:56 CEST 2015

On Wed, 22 Apr 2015 20:27, andreas.schwier.ml at cardcontact.de said:

> Not sure about that. If I loose my card on the street or someone picks
> it from my pocket or my PC, than that is different from a malware attack

Given the rare use of smartcards for non-banking I bet malware is more a
problems.  But well, I agree that this is a severe bug.  They probably
downplay this bug because of the costs to replace all affected Yubikeys.

> Imagine a bank, SIM or electronic signature card with a malfunctioning
> PIN. Would you consider that a minor bug ? I don't see that this is

Reminds me of the problem with (German) banking cards which had an
easily guessable PIN due to broken BCD conversion code for a decade or



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list