| Yubico Forum https://forum.yubico.com/ |
|
| distinguish operation requested before pressing button https://forum.yubico.com/viewtopic.php?f=35&t=2589 |
Page 1 of 1 |
| Author: | jucoin [ Sat Mar 04, 2017 12:26 am ] |
| Post subject: | distinguish operation requested before pressing button |
Hello, I'm a new YK users, loving it so far. I'm concerned a bout one potential issue: I'm going to use a Yubikey 4 for TOTP, U2F and PGP. I'm not worried if I leak a token for site A to site B but I'm worried if malware in compromised machine can wait for me to login somewhere and press the button and send a PGP sign or decrypt operation to the yubikey. I will press the button to authorize the operation because I'm login into a site but the malware will use the opportunity to forge a message for example or authenticate to a remote SSH server. Is there a light pattern or press pattern to avoid this attack? For example press twice or press longer for PGP operations or different light flashing. thank you |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|