[Gnuk-users] Is the FST-01 vulnerable to fault injection?
NdK
ndk.clanbo at gmail.com
Thu Aug 17 18:23:13 UTC 2017
Il 17/08/2017 20:01, Jonathan Schleifer ha scritto:
> Considering the FST-01 is using a similar chip and has a similar use case:
> https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8
> Is the FST-01 vulnerable to this?
I don't think so. Sure, keys can be extracted, but since they're stored
encrypted by the PIN they're "useless" for the attacker (he'll have to
brute force the PIN and that's quite doable since the S2K uses a reduced
number of rounds).
*But* if the attacker can steal your token, it's like having root on
your machine... Game over!
BYtE,
Diego
More information about the gnuk-users
mailing list