The LYN ALDEN hath gespoken.
I got one. I only wish i had an NFC dingleberry for my pc because nunchuk on my phone is the only thing i can use it with. would be nice also so i could use the dongle for my yubikey 5 instead of leaving it using up a USB socket when i'm at home.
I won't be touching one of those things with a 20-foot pole, but I guess I'm also not necessarily their target audience. I personally think that a signing device should have a way to verify keys on the device. Having it literally be a black box seems like a poor design choice. 🙃
yeah, i'd prefer it if they were programmable too, like my yubikey.
the security protocols on yubikeys are pretty wild though... it was because i was reading up documentation i learned that Google Authenticator TOTPs use SHA1 hashes on timestamps and a rather short secret...
SHA1 hashes.
for some reason, several years after they are broken they are still used in Git too.
the only things i use my yubikey for are U2F challenge auth on my pc as a shortcut to typing my password all the time, and to access the PV for securing my ssh git signing key.
these things could be way better, but nobody who gets that has the money to do anything to get a better product out there. open, auditable, using elliptic curves at 256 bits with unbroken hash functions would be nice. embedded chips that can compute these scalars are not that expensive yet nobody's really offering a product that does it.
none of the stuff on the market is really secure. seed signers have closed firmware blobs, these tapsigners have keys implanted by manufacturers and you have to trust that the key doesn't exist anywhere else, the 'two factor' security uses a hash function that can be reversed pretty easily for anything as weak as a 6 digit pin number.in a matter of a few hours.
it's not surprising to me when i also have seen my own pc breached several times in the last couple of years by unknown remote attackers.
security on the market is way behind the tech even in bitcoin's 16 version...
