--=-MN1YiBFHlv1TjrbX85/D Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Le mardi 17 octobre 2017 =C3=A0 13:33 +0300, Eyal Edri a =C3=A9crit=C2=A0:
Thanks, =20 So if I have an old YubiKey ( 2.43 ) I shouldn't be affected right? only V4 is ?
That's what the post on yubico.com seems to imply. We do not know what chipset is used in the key, so I can't give a educated guess. But I hear people using yubikey neo weren't affected. Now, only the CCID function is problematic, and only if you did generate the ssh key on the chip (e.g., followed official doc on https ://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html and used "yubico-piv-tool -s 9a -a generate -o public.pem" ) If you imported the key, then that should be ok. If you use the yubikey for non smartcard use (e.g. U2F, 2FA for RH VPN or similar system ), that's ok too.
On Tue, Oct 17, 2017 at 12:56 PM, Marc Dequ=C3=A8nes (Duck) <duck@redhat.com> wrote: =20
Quack, =20 So the news (thanks Misc for the alert): =20 https://www.infineon.com/cms/en/product/promopages/rsa- update/rsa-background =20 This affects Yubikeys and other hardware: =C2=A0 https://www.yubico.com/support/security-advisories/ysa-2017-01/ =20 There's a nice tool to test if a key is vulnerable: =C2=A0 https://github.com/crocs-muni/roca =20 I tested keys in the oVirt Puppet repository and none are affected. =20 You may check your other keys and ensure keys are checked in other projects. =20 \_o< =20 =20 _______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra =20 =20 =20 =20
Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra --=20 Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS
--=-MN1YiBFHlv1TjrbX85/D Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAABAgAGBQJZ5eENAAoJEE89Wa+PrSK9PvAP/2/FVqtHxod/zaLsmiKDANam BZbEAVN/wlggHkVDot6lexDqu386om21lp0ctcv0GbECbJ7sSY2+IIgyCUR/iofP 7xYQ+swKO0H2k3Rnl7Ur5tU1Rk/tiy8MI3ikJObULUDzawQ3icSHYSspo4EaiS75 n5ov3rrmIR//jk/3ZnZ+IZYZfGjjqq6FuyKa453/KF1vaJqy0STdqbm7h6HkY7Oc aSaFMQDYnmlYlziKrxwlhV1tqkL032ppWnshVi8Y90gr17WdIAFLFZLyfS0X1UZD bccBt4940Y1RxEVWfsORetp3C2iSNWLyGrlJzaI9hOmpB62if7EEH6CowphPq9dQ O04pvph//vyNogTVCFXv0dJcJaveWN12nUftpcrQ1kDje66P3Zda+zlLuuscM5y3 3F2QYZt9qKlQzBOM97XFxSDJbLZA9/rxfXYH3LHP/iuQ1cCk6MIUwaKPQfmss933 FinMxzsuEbYxGQAA8a+a6bAYoBOJEZmkZ+G9IPuCOhlZSVoAdQ9tAE0/mG9KtdRw DD1WJXKgEB75POxZYhZ8gM+bnlh5C95jD+js4EjS+gtwnFbpxDtV5TDq68A2m5v2 qWH0oXn31l4DaSEabuJ5XO6RzKjhveAzWzcYHNpL+7iu0rJ3svQ5uE7jZzxA/V3n 4qOyDkm7YruevKz6sB6N =LCGh -----END PGP SIGNATURE----- --=-MN1YiBFHlv1TjrbX85/D--