Looks like it now can do Ed25519 vs just NSA Suite B for ECC, which was a real irritation previously. They have touch now too, also important in helping hinder hot attacks.
The use of Rust is interesting to see in an HSM, though I'm not remotely skilled enough to say if they're actually using it well or how reliable Trussed is yet. The specific product pages like [0] have more details, but still missing some stuff. For example I wonder if they can do more standardized attestation now, and what the baked in certificate is (previously a disappointing RSA2048 IIRC).
Still glad to see this continuing along. While I'm now using YubiKeys, I backed the original CryptoStick back in the day and am happy to see multiple players in the space. HSMs and keys are criminally underutilized in online authentication even now.
> Looks like it now can do Ed25519 vs just NSA Suite B for ECC, which was a real irritation previously.
The Nitrokey Start supports Curve25519, though it was (strangely) the only device they sold with such support before the new 3 series. It seems as though they inherited Curve25519 support by basing the Start on gnuk, with their 2 series not having support for it.
Honestly the main thing I'm hyped for is that they finally have a Yubikey Nano competitor. My last NitroKey broke because it stuck out and took quite a beating (sadly it seems their USB-key-like design is less durable than the Yubikey unibody design), so I expect the new form factor to last much longer.
Yeah I just preordered mine, I also like the hardware button. I have a previous version of the Nitrokey but it's just a backup for my Yubikey at the moment because I find the Yubikey's form factor and confirm button superior, but I may well transition to the Nitrokey 3 when I receive it.
The use of Rust is interesting to see in an HSM, though I'm not remotely skilled enough to say if they're actually using it well or how reliable Trussed is yet. The specific product pages like [0] have more details, but still missing some stuff. For example I wonder if they can do more standardized attestation now, and what the baked in certificate is (previously a disappointing RSA2048 IIRC).
Still glad to see this continuing along. While I'm now using YubiKeys, I backed the original CryptoStick back in the day and am happy to see multiple players in the space. HSMs and keys are criminally underutilized in online authentication even now.
----
0: https://shop.nitrokey.com/shop/product/nk3an-nitrokey-3a-nfc...