if anyone wanted to fund the development of bitcoin/LN/nostr hardware security devices, simple ones in the same kind of style as yubikeys, i'd love to see it, and i'd love to help write the software that drives it.

the "security" on most facets of the current generation of yubikeys is a joke, half of them rely on security by obscurity, and/or involve the use of the broken SHA-1 hash function.

nostr security keys could provide a level of detached signing security at the level of devices like coldcard and jade, could provide also LN and bitcoin signatures, without expensive/complicated displays and scanners.

i'm in the process of writing a nostr schnorr key signature protocol library and CLI right now, and as i work on it i get the bug to play with my yubikey to smooth some auth functionalities that i haven't got working, and man, what a shitshow is the "security" of these devices.

the only two features that seem to be worth using are the SSH key unlock using PIV and the PAM-U2F module which saves me from having to endlessly type my password to perform administrative tasks. every other "feature" provided by the device is a sick joke.