1:53 p.m.
--=-MN1YiBFHlv1TjrbX85/D
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Le mardi 17 octobre 2017 =C3=A0 13:33 +0300, Eyal Edri a =C3=A9crit=C2=A0:
Thanks,
=20
So if I have an old YubiKey ( 2.43 ) I shouldn't be affected right?
only V4
is ?
That's what the post on yubico.com seems to imply. We do not know what
chipset is used in the key, so I can't give a educated guess. But I
hear people using yubikey neo weren't affected.
Now, only the CCID function is problematic, and only if you did
generate the ssh key on the chip (e.g., followed official doc on https
://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html and
used "yubico-piv-tool -s 9a -a generate -o public.pem" )
If you imported the key, then that should be ok.
If you use the yubikey for non smartcard use (e.g. U2F, 2FA for RH VPN
or similar system ), that's ok too.
On Tue, Oct 17, 2017 at 12:56 PM, Marc Dequ=C3=A8nes (Duck)
<duck(a)redhat.com>
wrote:
=20
> Quack,
>=20
> So the news (thanks Misc for the alert):
>=20
> https://www.infineon.com/cms/en/product/promopages/rsa-
> update/rsa-background
>=20
> This affects Yubikeys and other hardware:
> =C2=A0 https://www.yubico.com/support/security-advisories/ysa-2017-01/
>=20
> There's a nice tool to test if a key is vulnerable:
> =C2=A0 https://github.com/crocs-muni/roca
>=20
> I tested keys in the oVirt Puppet repository and none are affected.
>=20
> You may check your other keys and ensure keys are checked in other
> projects.
>=20
> \_o<
>=20
>=20
> _______________________________________________
> Infra mailing list
> Infra(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/infra
>=20
>=20
=20
=20
_______________________________________________
Infra mailing list
Infra(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
--=20
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
--=-MN1YiBFHlv1TjrbX85/D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJZ5eENAAoJEE89Wa+PrSK9PvAP/2/FVqtHxod/zaLsmiKDANam
BZbEAVN/wlggHkVDot6lexDqu386om21lp0ctcv0GbECbJ7sSY2+IIgyCUR/iofP
7xYQ+swKO0H2k3Rnl7Ur5tU1Rk/tiy8MI3ikJObULUDzawQ3icSHYSspo4EaiS75
n5ov3rrmIR//jk/3ZnZ+IZYZfGjjqq6FuyKa453/KF1vaJqy0STdqbm7h6HkY7Oc
aSaFMQDYnmlYlziKrxwlhV1tqkL032ppWnshVi8Y90gr17WdIAFLFZLyfS0X1UZD
bccBt4940Y1RxEVWfsORetp3C2iSNWLyGrlJzaI9hOmpB62if7EEH6CowphPq9dQ
O04pvph//vyNogTVCFXv0dJcJaveWN12nUftpcrQ1kDje66P3Zda+zlLuuscM5y3
3F2QYZt9qKlQzBOM97XFxSDJbLZA9/rxfXYH3LHP/iuQ1cCk6MIUwaKPQfmss933
FinMxzsuEbYxGQAA8a+a6bAYoBOJEZmkZ+G9IPuCOhlZSVoAdQ9tAE0/mG9KtdRw
DD1WJXKgEB75POxZYhZ8gM+bnlh5C95jD+js4EjS+gtwnFbpxDtV5TDq68A2m5v2
qWH0oXn31l4DaSEabuJ5XO6RzKjhveAzWzcYHNpL+7iu0rJ3svQ5uE7jZzxA/V3n
4qOyDkm7YruevKz6sB6N
=LCGh
-----END PGP SIGNATURE-----
--=-MN1YiBFHlv1TjrbX85/D--