[Gnuk-users] Is the FST-01 vulnerable to fault injection?

Jonathan Schleifer js-gnuk-users at webkeks.org
Thu Aug 17 18:25:24 UTC 2017

> I don't think so. Sure, keys can be extracted, but since they're stored
> encrypted by the PIN they're "useless" for the attacker (he'll have to
> brute force the PIN and that's quite doable since the S2K uses a reduced
> number of rounds).
> *But* if the attacker can steal your token, it's like having root on
> your machine... Game over!

Well, that doesn't read like it needs to be stolen, just 15 seconds to extract the keys, the bruteforce could then be done offline.


More information about the gnuk-users mailing list