Hacker News new | past | comments | ask | show | jobs | submit login

Buy Yubikey, put SSH key on Yubikey, job done.

You can use Nitrokey too, but IIRC be careful which one you buy as some are software-only implementations.




> You can use Nitrokey too, but IIRC be careful which one you buy as some are software-only implementations.

First I've heard of this. Do you have some links where I can read more about this?


> First I've heard of this. Do you have some links where I can read more about this?

Sure, the comparison table on the Nitrokey site[1] is probably sufficient.

Anything without a green tick next to "tamper-resistant smart card" is a software implementation with the associated risks (e.g. firmware updates are available[2] - i.e. if you can update the firmware then you've also got a low-level attack vector for miscreants).

Meanwhile all YubiKeys are hardware backed and it has never been possible to update firmware on them.

[1] https://www.nitrokey.com/#comparison [2] https://www.nitrokey.com/releases


You can check this guide: https://github.com/drduh/YubiKey-Guide




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: