
No word on switching back to open source. Their YubiKey NEO was open source; not sure why they insist on proprietary code for the YubiKey 4. I'm frankly not comfortable with this kind of "security by obscurity".

https://github.com/Yubico/ykneo-openpgp/issues/2#issuecommen...

Edit: Never mind, there's actually a reasonable explanation for the change: https://www.yubico.com/2016/05/secure-hardware-vs-open-sourc...



I believe it has been discussed here previously, but open source on a proprietary firmware (Java VM) wouldn't be considered open source by many.

https://news.ycombinator.com/item?id=11691655

It is interesting how it allowed revealing the details of a bug in the implementation, though.

https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory...


> open source on a proprietary firmware (Java VM) wouldn't be considered open source

It's significantly better than completely closed though!


Why? You still can't control, fix or trust the software as a whole.

It's like a parachute that almost opens.


Then it's at least a parachute and not a backpack with an anvil.


And yet you'll still be in trouble when you impact the ground


For my feel, the phrase "security by obscurity" is a little overapplied.


My understanding was this had to do with a licensing issue with one of the chips they were using.



