I am trying to get familiar with the Nitrokey architecture (while waiting for mine to arrive :)), and I noticed that at least libnitrokey does not provide any means to authenticate the Nitrokey device that is used. It will connect to the first device with a matching product and vendor id. If an adversary manages to attach a USB device with the same ids to my computer, they will be able to extract my user password if they are lucky enough that
hdi_open picks their device over the Nitrokey. The only identification I found is the serial number, which probably could also be spoofed by an adversary.
Is my understanding correct? Did you consider adding some kind of device authentication to the Nitrokey? (I am thinking of something similar to ssh’s known hosts or a challenge-response authentication that can be initialized on the first use.)