Don't Buy from Nitrokey. YubiKey Alternatives?

Methinks it is time to buy a YubiKey: Support for ed25519-sk · Issue #39 · Nitrokey/nitrokey-fido2-firmware · GitHub.

So I have owned that device, and I didn’t know that it didn’t support ED25519 when I bought it. When I tried to use it with my SSH keys, I discovered that it didn’t, but the Yubico security keys do. I thought, well that’s okay, I will wait until Nitrokey can give a firmware update. In general, the YubiKeys seem to have more features, but their firmware is closed source. :frowning: Well, several years later, the Nitrokey Fido2 still doesn’t have support for ED25519, and I asked for updates on their open issue on GitHub. We were shamed for not donating to the firmware development effort after buying the hardware, so therefore our expectation that [Nitrokey] implement new features after purchasing the product conflicts with their economic resources.

So here are some of my thoughts with this:

  1. If they are not making enough money off of hardware sales to justify firmware updates, why are they not charging more? I would have gladly paid more for my Nitrokey Fido 2.

  2. Why would I buy another Nitrokey after this organization does this when the feature set of YubiKeys is so much better?

  3. I guess I can see from their perspective that a new product needs to support new features and that’s how you get sales, but again, YubiKeys are so much more feature-rich. ED25519 isn’t exactly new.

P.S. I don’t know why I called it security updates. I just got angry, and wasn’t paying attention to what I was typing. Perhaps I was thinking “security key” when I typed that? I don’t know.

Could be lack of devs or too many bean counters telling the devs to go chase xyz instead?

Just a guess.

Out of curiosity, why didn’t you go with a YubiKey from the start?

Because of the open firmware architecture of the Nitrokeys. It would be cool to fork this repository though and write the code needed to give it ED25519 support. I don’t think I have the experience for that at the moment, and even so, my current device would have to become the development device.

2 Likes

That’s the kind of mindset that kills an open source project’s long-term business viability imo - seems like they had a change of heart, where they WERE going to support it, said so, then changed their minds.

If they’d just said “we won’t be supporting this on X hw, but are funding the feature through Y device sales for the upcoming Z device”, I wouldn’t like it, but at least I’d understand it.

2 Likes

This is why I went YubiKey. I am all about supporting OSS but Nitrokey just doesn’t compare.

5 Likes

Out of curiosity, have you ever reached out to them and offered your skills? I get that you might not be at the level to implement the feature you want. But maybe with you helping on another feature, that would free up a dev that could work on your feature.

No. I don’t think my skills would be very useful to them. Plus, I am a US citizen and they are based in Germany. I don’t think foreign worker laws are as convoluted in European countries as they are here in the States, but I am kinda hesitant to try anyway. Also, I hear that American jobs pay more than European ones.