Module Name
YubiKey 4 Cryptographic Module
Revoked Reason
The firmware versions have a security flaw.
Revoked Link
https://www.yubico.com/support/security-advisories/ysa-2019-02/
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
- Physical Security: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Description
The YubiKey 4 cryptographic module is a secure element that supports multiple protocols designed to be embedded in USB security tokens. The module can generate, store, and perform cryptographic operations for sensitive data and can be utilized via an external touch-button for Test of User Presence in addition to PIN for smart card authentication. The module implements five major functions: Yubico One Time Password (OTP), FIDO Universal 2nd Factor (U2F), PIV-compatible smart card, OpenPGP smart card and OATH OTP authentication.
Allowed Algorithms
EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG
Hardware Versions
SLE78CLUFX3000PH
Firmware Versions
4.4.2, 4.4.4