[captainmuon]

This story made me think a bit about devices like the Yubikey. I'd really like one to store my keys to sign mail, or for two-factor-authentication. But the main selling point, the tamper-resistant secure-enclave-like chip, is something I don't need. I'd rather have a tiny microcontroler in USB format that I can program myself and understand nearly 100%, with no secret code going on.

My reasoning: I don't need physical tamper-resistance for my threat scenario - if it is stolen by a random thief, a coworker, a "friend", etc..

But if I was attacked by a nation-state-like actor, I cannot trust any security measure of the device. How do I know the NSA does not have a copy of every "random" card-manager key? How do I know that generated keys are not subtly biased so that they can be guessed easily? Or that there is not a secret function to extract them? Even if Yubico is 100% honest and their device is clean, I must assume that if e.g. the NSA were after me, they have the technology to extract the keys from the device, no matter what protection it has.