Skip to content

Validation failures of recent YubiKeys

tags: , ,

The network issues on api2 yesterday caused two of our key storage machines (KSMs) to malfunction. The KSM software was hanging trying to talk to api2 that was unavailable. Normally, losing two KSMs will not cause any service interruption. However due to another issue, the encrypted keys (AEADs) for a number of recently manufactured YubiKeys had not been distributed to all KSMs. Thus the only two machines that had the information required to validate these recent YubiKeys became unavailable, and validation did not work for these YubiKeys. We are working on resolving the software bug so the hang does not happen again, and independently also on improving the AEAD distribution to all our KSMs. To clarify, only very recently purchased YubiKeys should have been affected. We are sorry for any problem experienced — please contact if you have any questions or comments.

Update: For reference, less than 1% of the total number of YubiKeys and around 1.8% of customers were affected.

Comments are closed.

%d bloggers like this: