An issue affecting YubiKey security keys has led to Yubico issuing a recall of the devices, which are aimed at government users.
According to Yubico, the problem only affects YubiKey FIPS series devices, which follow Federal Information Processing Standards (FIPS) set by the National Institute of Standards and Technology (NIST) for use in non-military government agencies. YubiKey FIPS devices with firmware versions 4.4.2 or 4.4.4 have reduced randomness in generated keys because, according to Yubico, “the buffer holding the value contains some predictable content making the value less random than intended. This issue occurs during power-up of the YubiKey only.”
In the security advisory for the issue, Yubico said this means RSA keys could be “impacted by up to 80 predictable bits out of a minimum of 2048 bits,” ECDSA (elliptic curve digital signature algorithm) signatures and ECC keys could be impacted by up to 80 bits out of 256, and with ECC encryption “16 bits of the private key become known.” This reduced randomness results in weaker keys, but Yubico claims this should not make “known cryptographic attacks to be significantly easier to accomplish.”
Even with the reduced randomness of the keys, Yubico noted 240 bit keys have not been defeated at this time and in the most risky scenario, an attacker would need to collect “several” ECDSA signatures in order to be able to calculate the private key.
The YubiKey FIPS issue was discovered in mid-March by Yubico, and the company said in its advisory that it has seen no evidence of attacks in the wild. Yubico fixed the problem with firmware version 4.4.5, which has been shipping in new YubiKey FIPS series devices since April 30, when NIST granted FIPS certification for the firmware.
Yubico does not allow firmware on its security keys to be accessed or altered, so affected keys cannot be updated to the newer firmware. Instead, Yubico is offering free replacement YubiKey FIPS devices for those affected. This is only the second time Yubico has had to offer replacement devices to fix a security issue; the last time was in January 2018.
“To safeguard the security of our customers, Yubico has been conducting an active key replacement program for affected FIPS devices (versions 4.4.2 and 4.4.4) since the issue was discovered and recertification was achieved,” Yubico wrote in its advisory. “At the time of this advisory, we estimate that the majority of affected YubiKey FIPS Series devices have been replaced, or are in process of replacement with updated, fixed versions of the devices.”