Indeed - ensuring a prompt revocation workflow for security keys has always been best practice. Also, according to the Ars Technica article, the bar is higher:
"The attacks require about $11,000 worth of equipment and a sophisticated understanding of electrical and cryptographic engineering. The difficulty of the attack means it would likely be carried out by nation-states or other entities with comparable resources and then only in highly targeted scenarios. The likelihood of such an attack being used widely in the wild is extremely low."
So it's not like "Proxmark reader in a backpack, dude having a smoke outside the data center" level of cloning. :D