The researchers explained how they discovered the vulnerability because they found an open platform based on Infineon's cryptographic library, which Yubico uses. They confirmed that all YubiKey 5 ...

Some of them (and this is the case for YubiKey 5 Series) run the Infineon cryptographic library (that Infineon develops for their customers that do not want to develop their own).

The 5.7 firmware contains Yubico's own cryptographic library and these new devices are not impacted by Infineon's vulnerability. FIDO is the strongest, phishing-resistant protocol.

The Eclypses Cryptographic Library (ECL), which acts as a key component inside its Secure MTE Technology, successfully passed a series of tests conducted by an independent NIST-accredited laboratory.

Home Cybersecurity Cybersecurity Google Releases Test Set to Check Cryptographic Library Security Written by Jaikumar Vijayan Published December 19, 2016 ...