YubiKey-Guide

Key Overwriting Attacks

Open fabiolucidi opened this issue 3 years ago • 2 comments

Hi, thank you for your guide, it's very helpful and a great starting point to understand many things around YK, PGP, SSH and - more generally - security. I think it would be worth stressing the importance of safe storage of the backup (USB device as well as paper backup) and the fact that MasterKey and LUKS passphrases are the only barrier to protect your MK from Key Overwriting Attacks as well as others. It doesn't change a thing about what to do, just gives more color about why we do it that way (and why not to skip those steps!)

Also, the --force-aead option could be used as an interim solution to the KO Attacks (proposed by the authors).

This is just an enhancement proposal. Thank you, Fabio

fabiolucidi avatar May 06 '22 09:05 fabiolucidi

Thanks for the tip. Probably less of a concern with backups offline, would you agree? Either way, feel free to send a PR to include it in the guide.

drduh avatar Aug 21 '22 18:08 drduh

I agree... I'll do it as soon as I can. Thanks

fabiolucidi avatar Aug 24 '22 18:08 fabiolucidi