Ask HN: What do you think about the Secalot hardware token?

2 pointspablo17y ago4 comments

Comparing open source security tokens/OTP generators/UFA tokens/PGP Smartcards, it seems the product from secalot has the most features for a similar price as the alternatives. It also has open source software and hardware.

https://www.secalot.com/

Has anybody tried it and can compare it to more popular alternatives like the yubikey or the nitrokey?

How would you rate this from a security aspect?

4 comments

3 comments · 1 top-level

jans237y ago· 2 in thread

From the security point of view the most obvious difference to me is that Nitrokey contains a secure element while Secalot doesn't. (Secalot contains a microprocessor with cryptographic acceleration but don't confuse this with a secure element.) Secure elements are secure key stores which protect against extraction of cryptographic keys by malware and by physical attackers.

Also Secalot seems to be a small project while Nitrokey is a (small) company, which might influence quality of security and maintenance too.

Disclaimer: I'm with Nitrokey UG.

pablo1OP7y ago

Interesting. That is a definitive plus for Nitrokey indeed. I wonder if they plan on creating a version that supports PGP and U2F.

I really like the Nitrokey pro version, it is pretty much everything I need except for the U2F.

jans237y ago

Yes, a Nitrokey with OpenPGP Card and FIDO is planned. You can get notified directly by subscribing its newsletter at https://www.nitrokey.com/newsletter

1 more reply

j / k navigate · click thread line to collapse