
I wish Yubikeys supported hardware AES encryption on the device, and a hardware entropy source (vibration, RF, probably couldn't fit atomic-decay measurement in a USB key, but something).

My personal tinfoil headwear has me believing that AES on any of the Big-2 CPUs is compromised, probably via key logging deep in the bowels of the die. And the RNG could have a similar backdoor.




> hardware AES encryption on the device

> AES on any of the Big-2 CPUs is compromised

In that case, which CPU could the Yubikey use?


> In that case, which CPU could the Yubikey use?

Dedicated AES engines exist. For example, the 3DS shipped with an AES engine inside its SoC, exposed as memory-mapped I/O.


FPGA or stock embedded CPU. I didn't mean literally any Big-2 CPU, I was thinking of desktop CPUs when I wrote that. I doubt the 8051s that you can buy by the spindle from electronics suppliers are backdoored, though it's technically possible.


8051s also seem pretty under-powered for a task like that.

One thing with encryption on a USB-connected security dongle is that your scp / rsync / git pull invocation is going to go through it, and through its crypto engine. To make it not painfully slow, the crypto engine has to be pretty fast. It's likely not very cheap, either using a (fast) general purpose CPU core, or using custom / specialized circuitry.

Paying extra for high security at high speed may make complete sense in some cases. For a cheap mass-market product, it's less likely.



