Nostr Web Client

How does the recently disclosed yubikey vulnerability affect nostr:npub1casacasahesdrpu6npfth2t0ae37a2cdwwg3c4fkt30v7gzffx3q7wtzdc customers nostr:note1mpgj98jf0ak957c6k80lu0j3s4lswzvxztzrdvhdrswkgtl7kf2q9hfzz5

Reply to this note

Please Login to reply.

Discussion

Kc 1y ago

Effectively, you should treat a yubikey compromised if you suspect it could be tampered with by a third party. But that was already the case previously. It just got a *bit* easier.

elsat 1y ago

Thanks for the insight 🙏.

I asked the same question of the founder a few weeks back and did not hear back.

Kc 1y ago

You're welcome. I was also asking myself a similar question earlier this month. 😄

freeborn | ἐλεύθερος | 8r0gwg 1y ago

can't use a yubikey to secure *anything* - one bad actor with a flipper zero and you're toast

Casa 1y ago

Hi there! The tampering vulnerability you might be referring affects devices with a firmware version below the version we have been shipping to our members.

It's not a good security practice to leave YubiKeys or hardware wallets lying around anyway. Keep them in an access-controlled location and secure them with a PIN.