I'm currently using both Nitrokeys and YubiHSMs on a client project. Both work pretty nicely, but some notes:
1. Nitrokeys can't do Ed25519. If you want to do ECC, you're stuck with NSA Suite B (which may be fine, depending on your purposes). This was a bummer for me, though, in the context of a greenfield project. YubiHSMs can do Ed25519...but they can't generate attestation certificates for Ed25519 keypairs. This isn't well documented anywhere; I had to lean on a friend who knew a Yubico engineer.
2. Nitrokeys can do attestation against a baked in certificate. However, they can't export those attestations via PKCS#11 -- you have to use some custom shell provided by the underlying hardware vendor (CardContact). The baked in cert (and its public roots) are also RSA2048, which is a bit of a bummer. Oh, and everything's in a weird container format[1] that isn't x509. It's still ASN.1 + DER, at least.
Used the original Nitrokey HSM model on a code-signing server project with a Customer a couple of years ago. I haven't worked with "big name" HSMs before (we looked at Gemalto when we were spec'ing the project but were scared off by the ridiculous pricing) so I can't compare them to "serious" HSMs, but for our project they were a good fit.
The applet running inside the original HSM model is in no way free / open source. The dev tools for the applet are really good, the documentation is top notch, and the integration with OpenSC is very good, but it's definitely proprietary. For our purposes that was not problematic. I don't know if this has changed for the "2" model. Edit: The "2" model also uses the proprietary Smartcard HSM applet.
It was nice, as compared with big name HSMs, to be able to configure the Nitrokey HSM to support escrow of the key material offline (printed on paper in an AES-encrypted state). The project we were working has a 25 year service life for the key material, and Gemalto's solution was "We can't let you escrow key material but we can let you keep buying new Gemalto HSMs every few years."
(I know putting the key material into escrow adds risk, but the risk if keys were lost was considered greater. We ran a commissioning ceremony on the Customer's site, with Customer-provided air-gapped hardware, video recorded and with witnesses present, with the printed keys immediately going into serialized tamper-evident envelopes, all to try to mitigate some of that risk.)
I've been meaning to check these out for a while as I'm totally useless (although, in security terms my chaos probably means I'm securer... just not conveniently-so) with password organisation.
I more mean all the second tier shit I could barely care less about, but have to manage across multiple machines.
I also remembered that if I subscribe to ArsTechnica, they give you a 'free' key for your $50 subscription. Not bad when the keys cost $45!
Anyway, thanks for the prod!
(I'm not in any way affiliated with Ars or CondéNast - I don't benefit from mentioning their offer here - I'm just a reader and your prompt made everything fall into place!)
I wish they would make something that felt more durable. I bought the U2F key and the combination of plastic and not quite being sure where to press left me with a very flimsy feeling.
I like everything they say they stand for, but compared to my Yubikey the quality is night and day. Something that important that lacks durability is a problem.
Most of these key products "feel" expensive to me, which is purely subjective. Can someone more knowledgeable explain where the cost comes from? Small runs, extended research, custom hardware issues, etc? All of the above?
I think the bigger companies like Yubico are probably now doing runs large enough to be able to compete with many other consumer electronics. So far as amortising R&D and strait manufacture costs.
However they have very high marketing costs as it is harder to explain to the non-Hacker News crowd. They also have little competition, and a high perceived value so are probably slightly price inflated.
As a value proposition I am very happy with mine, and the ones I have given my family.
I think this can be better explained by starting with the company (instead of the device) which is lean but still requires development and maintenance, purchasing and manufacturing, billing and accounting, customer support, management, shipment and logistics. Those tasks need to be paid.
Do any of these have NFC? I had the most magical experience recently. I was logging into Google from my iPhone, and it said "hold your Security Key near the top of your phone." Knowing that there was no way that could possibly work, I did it anyway, just to show everyone (in my empty apartment) how dumb Google was for telling me to do that.
It worked perfectly! I might never use a password again!
Unlike some competitors, Nitrokey contains a complete and standard compliant USB plug. This ensures thousands of insertions without connectivity issues.
Here I am waiting for a Type-C from them. Yet they claim that’s a good thing. What utter bullshit.
I don't think Nitrokey is claiming that the lack of USB Type-C connector is a good thing. Rather, it appears to be a specific reference to Yubikey's (and maybe also other competitors') "half USB" designs where the very slim HSM slides into a USB port, but isn't actually a USB-compliant connector.
I think both approaches are fine, and it's really a matter of preference. But it _would_ be nice if manufacturers of USB-connected devices that strictly speaking aren't actually USB-compliant would be a little more explicit about that detail.
I get the value if you assume the host is not compromised and you are worried about encrypt-at-rest or for transmit, but how does a user securely provide a PIN to the device if the host itself is rooted?
That's why in another comment I mentioned that the confirmation button / touch-sensor (and LED) on the Yubikeys is important. If a malware tries to use the key with the compromised PIN or while the credentials are cached, the Yubikey will still ask for confirmation. If it's asking for confirmation when you did nothing to trigger it, then that's a sign that the host might be compromised. Simply don't confirm, fix the malware issue, and change the PIN.
I do wonder if physical hardware keys still make sense (at least under a threat model where my hardware is almost always in my home or, if not, under my control) if every device I use has a secure enclave that could conceivably used to fulfill the same role.
That's essentially what https://krypt.co/ is...I've used Yubikeys in the past, but have been on Krypton for maybe the past year or so. No problems with it at all, aside from GitHub recently (within the past couple of weeks) not recognizing the authorization despite it working just fine elsewhere. I haven't had a chance to dive deeper into why.
I wish there was an encrypted storage drive that combined something like USB killer with the storage device. Instead of destroying the host, however, it would physically destroy itself if certain criteria were met.
Seems like they've got the security UX down and into a convenient form factor, with a customer list whose judgment I would trust, and I'm going to assume their implementations are sound and free of issues.
As a security product guy who says, "for all security products, the threat model defines the business model," I have to ask, what's the threat model for this product?
If you're just wanting the 2FA piece (and not the other fancy stuff that the Nitro has), I use the Yubikey 5 NFC and really like it. It's so slim I don't notice it on my keychain and it's very durable.
As of somewhat recently NFC is supported on iOS, so I also keep all my OTP tokens on the Yubikey, and can access them via the Yubico Authenticator app on a computer or on my phone.
One potential downside is that the only Yubikey that has NFC is USB-A only. Another is that there's no backup mechanism (which is by design for security, I guess), so you really need two Yubikeys and program them both identically in case you lose one.
Which part are you wondering about? Everything is laid out pretty clearly under the "Nitrokey Enables" section. It's a 2FA token that supports OTP and U2F (like the Yubikey), but also has secure storage (flash drive).
The claimed "plausible deniability" benefit seems dubious. You are carrying a branded device with marketing materials that tout its ability to offer you plausibly deniability…
Plausible deniability refers to Nitrokey Storage's hidden volumes. They can optionally be setup, but no need to, and without the appropriate password it can't be distinguished. Similiar to VeraCrypt's hidden volumes.
In the case of Yubikey's OpenPGP smartcard emulation, you can generate the key on a computer, write it to the Yubikey, then do whatever kinds of backups of the keys you like. If the Yubikey is destroyed or lost, you can buy a new one and write the key to it from a backup.
If I recall correctly, writing the key is an OpenPGP smartcard feature, so it should work on any hardware key that supports acting as an OpenPGP smartcard.
The Yubikey documentation recommends always buying them at least in pairs. And configure them both for access.
If you use either a Static Password an HMAC-SHA1 Challenge-Response or TOTP with the key you can easily backup the secret material used to program the key and replace the key if one fails.
[+] [-] woodruffw|5 years ago|reply
1. Nitrokeys can't do Ed25519. If you want to do ECC, you're stuck with NSA Suite B (which may be fine, depending on your purposes). This was a bummer for me, though, in the context of a greenfield project. YubiHSMs can do Ed25519...but they can't generate attestation certificates for Ed25519 keypairs. This isn't well documented anywhere; I had to lean on a friend who knew a Yubico engineer.
2. Nitrokeys can do attestation against a baked in certificate. However, they can't export those attestations via PKCS#11 -- you have to use some custom shell provided by the underlying hardware vendor (CardContact). The baked in cert (and its public roots) are also RSA2048, which is a bit of a bummer. Oh, and everything's in a weird container format[1] that isn't x509. It's still ASN.1 + DER, at least.
[1]: https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/...
[+] [-] nhooyr|5 years ago|reply
[+] [-] EvanAnderson|5 years ago|reply
The applet running inside the original HSM model is in no way free / open source. The dev tools for the applet are really good, the documentation is top notch, and the integration with OpenSC is very good, but it's definitely proprietary. For our purposes that was not problematic. I don't know if this has changed for the "2" model. Edit: The "2" model also uses the proprietary Smartcard HSM applet.
It was nice, as compared with big name HSMs, to be able to configure the Nitrokey HSM to support escrow of the key material offline (printed on paper in an AES-encrypted state). The project we were working has a 25 year service life for the key material, and Gemalto's solution was "We can't let you escrow key material but we can let you keep buying new Gemalto HSMs every few years."
(I know putting the key material into escrow adds risk, but the risk if keys were lost was considered greater. We ran a commissioning ceremony on the Customer's site, with Customer-provided air-gapped hardware, video recorded and with witnesses present, with the printed keys immediately going into serialized tamper-evident envelopes, all to try to mitigate some of that risk.)
[+] [-] jolmg|5 years ago|reply
[+] [-] malandrew|5 years ago|reply
ccccccidufjlndefkacuknijintbntjnkdnrrtncrkfi
[+] [-] detritus|5 years ago|reply
I more mean all the second tier shit I could barely care less about, but have to manage across multiple machines.
I also remembered that if I subscribe to ArsTechnica, they give you a 'free' key for your $50 subscription. Not bad when the keys cost $45!
Anyway, thanks for the prod!
(I'm not in any way affiliated with Ars or CondéNast - I don't benefit from mentioning their offer here - I'm just a reader and your prompt made everything fall into place!)
[+] [-] jzig|5 years ago|reply
[+] [-] brightball|5 years ago|reply
I like everything they say they stand for, but compared to my Yubikey the quality is night and day. Something that important that lacks durability is a problem.
[+] [-] tweetle_beetle|5 years ago|reply
[+] [-] ZiiS|5 years ago|reply
[+] [-] jans23|5 years ago|reply
[+] [-] jrockway|5 years ago|reply
It worked perfectly! I might never use a password again!
[+] [-] abstractbarista|5 years ago|reply
[+] [-] lmm|5 years ago|reply
[+] [-] fsflover|5 years ago|reply
[+] [-] navaati|5 years ago|reply
The integration with the TPM, disk encryption and login in their machines looks amazing !
No FIDO2 though :(. Maybe in the future.
[+] [-] brunoqc|5 years ago|reply
Is that a good thing?
[+] [-] nobodyshere|5 years ago|reply
Here I am waiting for a Type-C from them. Yet they claim that’s a good thing. What utter bullshit.
[+] [-] jeffparsons|5 years ago|reply
Take a look at https://www.yubico.com/product/yubikey-5-nano for an example.
I think both approaches are fine, and it's really a matter of preference. But it _would_ be nice if manufacturers of USB-connected devices that strictly speaking aren't actually USB-compliant would be a little more explicit about that detail.
[+] [-] andrius4669|5 years ago|reply
[+] [-] Fnoord|5 years ago|reply
[+] [-] jrexilius|5 years ago|reply
[+] [-] jolmg|5 years ago|reply
[+] [-] trishankdatadog|5 years ago|reply
[+] [-] laksdjfkasljdf|5 years ago|reply
Is this still the case? their site only have pgp support as a binary option on the models, no extra info anywhere to be found on their search.
[+] [-] dang|5 years ago|reply
a thread from 2019: https://news.ycombinator.com/item?id=21978384
[+] [-] dochtman|5 years ago|reply
[+] [-] elasticdog|5 years ago|reply
[+] [-] batch12|5 years ago|reply
[+] [-] motohagiography|5 years ago|reply
As a security product guy who says, "for all security products, the threat model defines the business model," I have to ask, what's the threat model for this product?
[+] [-] cordite|5 years ago|reply
[+] [-] ftonobo|5 years ago|reply
[+] [-] jans23|5 years ago|reply
[+] [-] jasonv|5 years ago|reply
[+] [-] justusthane|5 years ago|reply
As of somewhat recently NFC is supported on iOS, so I also keep all my OTP tokens on the Yubikey, and can access them via the Yubico Authenticator app on a computer or on my phone.
One potential downside is that the only Yubikey that has NFC is USB-A only. Another is that there's no backup mechanism (which is by design for security, I guess), so you really need two Yubikeys and program them both identically in case you lose one.
[+] [-] rkagerer|5 years ago|reply
[+] [-] justusthane|5 years ago|reply
[+] [-] edw|5 years ago|reply
[+] [-] jans23|5 years ago|reply
[+] [-] virtue3|5 years ago|reply
[+] [-] sedatk|5 years ago|reply
Nope, thanks.
[+] [-] nafts|5 years ago|reply
[+] [-] jolmg|5 years ago|reply
If I recall correctly, writing the key is an OpenPGP smartcard feature, so it should work on any hardware key that supports acting as an OpenPGP smartcard.
[+] [-] foxtrottbravo|5 years ago|reply
If you use either a Static Password an HMAC-SHA1 Challenge-Response or TOTP with the key you can easily backup the secret material used to program the key and replace the key if one fails.
Store backups safely.
[+] [-] malandrew|5 years ago|reply
[+] [-] jans23|5 years ago|reply
The Nitrokey HSM supports encrypted backups of keys.
[+] [-] fbnlsr|5 years ago|reply
[+] [-] Insanity|5 years ago|reply