YubiKey not affected by recent report

We’ve been getting numerous questions asking if the YubiKey exhibits the problems reported to affect tokens from some other token vendors.

The YubiKey does not perform any asymmetric encryption, and hence has no PKCS#11 interface. It also does not use PKCS#1 1.5.

As for the symmetric encryption vulnerabilities discussed, we understand them to be related to padding attacks on AES CBC. The YubiKey does not employ CBC mode, so it is not affected by any problems with CBC mode either.