It's similar to the YubiKey; a potential big benefit is that it's entirely open source (hardware and software).
Nitrokey Pro, for example, supports:
Secure Login: One Time Passwords allow secure two-factor-authentication with Google, Facebook and many more. Login to computers and network services (e.g. SSH) using certificates.
Email Encryption: Encrypt your emails with GnuPG, OpenPGP, S/MIME or your favourite email client. Keep your secret keys secure on your Nitrokey.
Hard Disk & File Encryption: Encrypt your hard disks and files using TrueCrypt, GnuPG Tools and more. Keep your secret keys secure on your Nitrokey.
Both hardware and software are open-source and free software. All development tools are available as open source and for free.
Your secret keys are stored in the tamper-resistant and PIN-protected device and are secured against computer viruses, loss and theft. RSA keys of 1024, 2048, 3072 and 4096 bit are supported.
The device is PIN-protected and is secured against hardware attacks.
Oh, that is a new one; looks interesting, but because I just recently invested in a YubiKey I would rather not buy one just for looks. A good integration into LUKS would be just amazing, as that is what the YubiKey totally lacks.
Despite that, I would be highly interested to know if it's any good; if it proves worth it I would go for it.
I may second the request that @wendell @DeusQain should have a look =D
To answer your question, I have a couple trays of Yubikeys. Wendell and I have voiced our issues with them previously, namely that the "key" on Yubikeys is recoverable from Yubikey servers. Each key is unique, and the key is backed up elsewhere. You know, in case you lose the physical key. Which is good on one hand, bad on the other.
@DeusQain which key do you mean, the one used for the OTP function? (isn't that more of an ID?) Or is it even possible to calculate the SHA1 stuff used for the Challenge-Response thing?
Well, the HMAC-SHA1 function for challenge-response one can "update" using their utility (which does not chat to any server during usage), and even the part used on the key for the OTP can be changed and either uploaded to the auth server run by Yubico or to a self-hosted one; though the preloaded OTP key has priority on their server.
For use with LUKS, the only way I found was to use a static password... which, well, does not make anything better.
Yeah, one doesn't even need to study it at a university; reading makes one feel bad already. It is cringeworthy how ignorant the world (the people in my circles, and the companies) is concerning basic security and the lack thereof.
I would like to have at least 2FA on all my important accounts. Most sites only allow something where they text you an OTP. Kinda sucks, I want something physical.
Also, anybody know why security questions are still a thing?
It's the worst way of "identifying" but seems so overly convenient for companies; I "abuse them": I supply random 64-char strings as answers ^^ so... good luck guessing that.
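An added example, not written by any poster in this thread: it illustrates the HMAC-SHA1 challenge-response mode discussed earlier and why it differs from a static password, since a response captured once fails against a fresh challenge. `SoftToken` and `Verifier` are hypothetical stand-ins for the hardware slot and the host, and the secret is a constructed sample.

```python
import hashlib
import hmac
import secrets


class SoftToken:
    """Software stand-in for a token's challenge-response slot (hypothetical)."""

    def __init__(self, secret: bytes):
        self._secret = secret  # on real hardware this stays on the device

    def respond(self, challenge: bytes) -> bytes:
        # Response = HMAC-SHA1(secret, challenge), a 20-byte value
        return hmac.new(self._secret, challenge, hashlib.sha1).digest()


class Verifier:
    """Host side: holds a copy of the secret and issues one-time challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)  # fresh random challenge
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = hmac.new(self._secret, self._pending, hashlib.sha1).digest()
        self._pending = None  # a challenge is accepted at most once
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = secrets.token_bytes(20)  # constructed sample secret
    token, host = SoftToken(secret), Verifier(secret)
    captured = token.respond(host.new_challenge())
    first = host.verify(captured)  # legitimate login
    host.new_challenge()
    replay = host.verify(captured)  # old response, new challenge
    fresh = host.verify(token.respond(host.new_challenge()))
    return {"first": first, "replay": replay, "fresh": fresh}


if __name__ == "__main__":
    print(demo())
```

A static password has no challenge input, so whatever is typed or captured once remains valid every time.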