Ask HN: What do you think about the Secalot hardware token?

[pablo1]

Comparing open source security tokens/OTP generators/UFA tokens/PGP Smartcards, it seems the product from secalot has the most features for a similar price as the alternatives. It also has open source software and hardware.

https://www.secalot.com/

Has anybody tried it and can compare it to more popular alternatives like the yubikey or the nitrokey?

How would you rate this from a security aspect?

[jans23]

From the security point of view the most obvious difference to me is that Nitrokey contains a secure element while Secalot doesn't. (Secalot contains a microprocessor with cryptographic acceleration but don't confuse this with a secure element.) Secure elements are secure key stores which protect against extraction of cryptographic keys by malware and by physical attackers.

Also Secalot seems to be a small project while Nitrokey is a (small) company, which might influence quality of security and maintenance too.

Disclaimer: I'm with Nitrokey UG.

[pablo1]

Interesting. That is a definitive plus for Nitrokey indeed. I wonder if they plan on creating a version that supports PGP and U2F.

I really like the Nitrokey pro version, it is pretty much everything I need except for the U2F.

[jans23]

Yes, a Nitrokey with OpenPGP Card and FIDO is planned. You can get notified directly by subscribing its newsletter at https://www.nitrokey.com/newsletter

[pablo1]

Any planned realease date? I'm considering waiting for the release of it.