I'm seeing several links to different physical keys in the comments. Is there somewhere/someone that verifies these keys? Like a 3rd party testing/standards body?
I've always had it drilled into me that doing crypto yourself is fraught with peril. It seems that doing hardware would be doubly dangerous. I'd want more verification that the implementation is correct and "strong".
I think verification that the implementation is correct is easy enough, which implies that it is "strong", because these devices simply implement a spec.
What you might want to look at is things like hardware hardening or side channels. (Whether or not you consider this a matter of "correctness" can be argued, but here I would consider correct = implements correct algorithm.)
I think attacks against U2F devices are fairly difficult because you can't really use them as any kind of oracle, just due to the way the user interface works. But I am not a crypto expert, I just know how U2F works.
Note that most keys are level-1 certified, i.e. against online attacks. Physical attacks are generally not much important, because if an attacker has access to your key, he can simply use it. (unless you went through the additional hassle to set a pin, but very few people do it.)
I've always had it drilled into me that doing crypto yourself is fraught with peril. It seems that doing hardware would be doubly dangerous. I'd want more verification that the implementation is correct and "strong".