Thursday, September 05, 2024

Re: YubiKey replacment

For what it's worth, I sent a nitrocli port to ports@ and it ended up
lost in commit limbo. I have not tested it with Nitrokey 3A

https://www.mail-archive.com/ports%40openbsd.org/msg121357.html

Lucas Gabriel Vuotto wrote:
> On Tue, Sep 03, 2024 at 09:21:00PM GMT, Kirill A. Korinsky wrote:
>> misc@,
>>
>> due to the discovered vulnerability in YubiKey [1] which leads to buying a
>> new device, I'm thinking of changing the used vendor because OTP HID doesn't
>> work on OpenBSD.
>>
>> So here is the question, can you suggest a device that has:
>> - FIDO2
>> - OATH
>> - OpenPGP
>> - USB-C
>> - and small, ideally in the size of YubiKey nano.
>>
>> Thanks!
>
> I use a Nitrokey 3A. There is an USB-C version, but is waaaaay bulkier
> than the YubiKey 5 Nano.
>
> The upside of Nitrokey is that the firmware is Open Source and the
> devices are updatable. The downsides include the tooling not being great
> for most of end-users (I guess you shouldn't have issues with it tho)
> and pynitrokey [0] isn't ported (I tried to port it at some point but it
> hardcodes way too many dependencies, and the dependencies do the same.
> It was a patching hell and I didn't manage to finish it before
> considering it pointless. Also, I'm quite sure I tried to run it in a
> virtualenv without success, neither.)
>
> [0]: https://github.com/Nitrokey/pynitrokey
>
> Lucas
>

No comments:

Post a Comment