On Tue, Sep 03, 2024 at 09:21:00PM GMT, Kirill A. Korinsky wrote: > misc@, > > due to the discovered vulnerability in YubiKey [1] which leads to buying a > new device, I'm thinking of changing the used vendor because OTP HID doesn't > work on OpenBSD. > > So here is the question, can you suggest a device that has: > - FIDO2 > - OATH > - OpenPGP > - USB-C > - and small, ideally in the size of YubiKey nano. > > Thanks!
I use a Nitrokey 3A. There is an USB-C version, but is waaaaay bulkier than the YubiKey 5 Nano. The upside of Nitrokey is that the firmware is Open Source and the devices are updatable. The downsides include the tooling not being great for most of end-users (I guess you shouldn't have issues with it tho) and pynitrokey [0] isn't ported (I tried to port it at some point but it hardcodes way too many dependencies, and the dependencies do the same. It was a patching hell and I didn't manage to finish it before considering it pointless. Also, I'm quite sure I tried to run it in a virtualenv without success, neither.) [0]: https://github.com/Nitrokey/pynitrokey Lucas
