Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:22 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Wed Oct 04, 2017 6:38 pm 
Offline
User avatar

Joined: Sun Jul 24, 2011 12:48 am
Posts: 37
If someone tries to use certs I have in my PIV, for, code signing say. They try and try and try, I assume it gets locked right? Are there any conditions where the Yubikey will "maliciously" (desired) destroy the key upon too many failures or anything? Or does it just "choose" to deny the usage of the contained keys and rely on the protection of the secure element to hopefully prevent forced physical access to the key information?

Clarification would be very helpful to know what is what.

Thanks.

_________________
My GnuPG (PGP) Key ID: 614D98E6


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Oct 09, 2017 7:25 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
Three attempts to verify the PIN and the PIN is blocked. Three attempts to verify the PUK and the PUK is blocked. At this point the only option is to reset the PIV applet. Management Key is the only thing that can hypothetically be brute-forced, but the person with the management key can't use the certificate that's stored on the YubiKey. They would have to generate a new one to use the key. All scenarios are basically covered on our developer website. Recommend you start with https://developers.yubico.com/PIV/Intro ... ccess.html

There is no way to render the PIV applet completely useless (otherwise lots of customers will experiment, lock the PIV applet permanently, and demand a replacement). This isn't like a basic smart card where you lock it and you have to throw it away and buy another one. There are several other manufacturers that offer those.


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 09, 2017 7:26 pm 
Offline
User avatar

Joined: Sun Jul 24, 2011 12:48 am
Posts: 37
Very nice. Thanks for letting me know.

_________________
My GnuPG (PGP) Key ID: 614D98E6


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group