The protocol don't allow that. But we are talking about the manufacturer: they c... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		j16sdiz on April 19, 2023 \| parent \| context \| favorite \| on: Yubico is merging with ACQ Bure and intends to go ... The protocol don't allow that. But we are talking about the manufacturer: they can add a backdoor and sell the backdoor as a feature for subscribed user. That is what gp is talking about.

labcomputer on April 19, 2023 [–]

Well, sure, but that completely defeats the purpose of a security token. The whole point is that you can’t extract the crypto secret, even if you ask nicely.

In fact, the sales literature brags about how the secret never leaves the device!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact