Gentoo Archives: gentoo-project

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-project@l.g.o
Subject: [gentoo-project] Nitrokey Pro not vulnerable to the Nitrokey Start read-only bit
Date: Tue, 30 Apr 2019 17:06:44
1 TL;DR: The Foundation/Nitrokey partnership is sending Nitrokey Pro units
2 that are not the same as the Nitrokey Start units vulnerable to hands-on
3 key extraction attack.
5 As a few people have asked about it:
6 There was a production batch of "Nitrokey Start" units that did not have
7 a read-protection bit configured, and thus were vulnerable to a key
8 extraction attack:
10 The issue was specific to a batch of hardware that was mis-programmed,
11 and the issue is not present on newer Nitrokey Start units.
14 The Foundation/Nitrokey partnership is providing Nitrokey Pro 2 units,
15 which are supposedly not vulnerable to this issue (but I'd be happy for
16 a hardware hacker to confirm this, I understand that the Pro2 has a
17 seperate smartcard internally)
19 If you already had an older Nitrokey Start unit, reviewing/updating the
20 firmware is advised.
22 --
23 Robin Hugh Johnson
24 Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
25 E-Mail : robbat2@g.o
26 GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
27 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136


File name MIME type
signature.asc application/pgp-signature