@rysiek@mstdn.social @thetechtutor@me.dm
Thanks for coming to my defense Michal. The statement that only brief access is required comes from the ninjalab researcher. He believes a nation state attacker could devise a streamlined way to quickly tear down the YubiKey, extract the electromagnetic emanations needed, physically reconstruct it and return it to the target. The remaining key extraction would happen off-line in the hours following that. This scenario may or may not be realistic, so I have changed the word "brief' to "temporary." Also, if anyone claims I said this attack is cheap, they're putting words in my mouth. The article makes clear in the cloning requires a tremendous amount of cryptographic and electric engineering expertise and $11,000 worth of equipment.