[CaliforniaKarl]

From a quick check, I'd say the big differences (Yubikey HSM 2 over Nitrokey HSM) are: 4096-bit RSA, curve25519, higher capacity, and smaller form factor.

EDIT: On further thought, the small form factor would be good for physical verification. I could get a good, high-quality server, plug this into the front USB port, and then use some sort of transparent epoxy to seal it in. Having it on the front of the server would make it easy to quickly confirm that it's in place (instead of hunting around the back of the server, and it would be small enough to seal into the USB port.

[EvanAnderson]

For a project we did we put the Nitrokey HSMs on an internal USB port on the server then put a tamper-evident semi-trailer seal band on the built-in lock hasp.

[baby]

How is 4k RSA a plus?

[vertex-four]

Sometimes you're stuck needing RSA for something. When you are, you want 4k RSA.

[pault]

Is 2048 RSA broken? I think that's what ssh-keygen creates by default, right?

[j_s]

> Is 2048 RSA broken?

Today(-ish)? HN's anointed crypto expert says no.

https://news.ycombinator.com/item?id=14317331

>tptacek(2017May): The point of modern RSA is that we use a modulus that can't be factored by any conceivable computer, with limits derived from the physics of computation and projected far out into the future. We aren't a supercomputer advance away from factoring 2048 bit moduli.

[CaliforniaKarl]

Hello! I don't believe I called 4k RSA a "plus", I just called it a difference. But, I do like the fact that it's available, even if it isn't particularly useful right now.

I could put it another way with regards to the EC algorithms. Many people do not trust the P-series curves, or the brainpool curves, and so for them there is support for curve 25519.