| Don't ask us.. ask.. Hacker News? LMHNTFY? https://pwnaccelerator.github.io/2018/webusb-yubico-disclosu... https://www.imperialviolet.org/2017/10/08/securitykeytest.ht... The second one is (more) interesting, IMHO. The entries on how most of the keys have some defect or other are worth reading, since mostly nobody is looking at this stuff. The relevant paragraph on Feitian: Feitian ePass ASN.1 DER is designed to be a “distinguished” encoding, i.e. there should be a unique serialisation for a given value and all other representations are invalid. As such, numbers are supposed to be encoded minimally, with no leading zeros (unless necessary to make a number positive). Feitian doesn't get that right with this security key: numbers that start with 9 leading zero bits have an invalid zero byte at the beginning. Presumably, numbers starting with 17 zero bits have two invalid zero bytes at the beginning and so on, but I wasn't able to press the button enough times to get such an example. Thus something like one in 256 signatures produced by this security key are invalid. Also, the final eight bytes of the key handle seem to be superfluous: you can change them to whatever value you like and the security key doesn't care. That is not immediately a problem, but it does beg the question: if they're not being used, what are they? Lastly, the padding data in USB packets isn't zeroed. However, it's obviously just the previous contents of the transmit buffer, so there's nothing sensitive getting leaked. |