I'm going to use a Yubikey 4 for TOTP, U2F and PGP. I'm not worried if I leak a token for site A to site B but I'm worried if malware in compromised machine can wait for me to login somewhere and press the button and send a PGP sign or decrypt operation to the yubikey. I will press the button to authorize the operation because I'm login into a site but the malware will use the opportunity to forge a message for example or authenticate to a remote SSH server.
Is there a light pattern or press pattern to avoid this attack? For example press twice or press longer for PGP operations or different light flashing.
thank youStatistics: Posted by jucoin — Sat Mar 04, 2017 12:26 am
]]>