> The new YubiKey firmware 5.7 update (May 6th, 2024) switches the YubiKeys from Infineon cryptographic library to Yubico new cryptographic library. To our knowledge, this new cryptographic library is not impacted by our work.
Found vuln in library used by many for 14 years. Solution: switch to custom code. That's a bold strategy. I hope it pays off.
> Infineon has already a patch for their cryptographic library [---]
On the other hand: The commonly-used library contained a vulnerability that went undetected for 14 years. Yubico is also very much in the business of embedded and side-channel-hardened cryptography.
This might just be one of the cases where switching to custom code is the right move.
Found vuln in library used by many for 14 years. Solution: switch to custom code. That's a bold strategy. I hope it pays off.
> Infineon has already a patch for their cryptographic library [---]