I have only used a Librem Key to do passwords.
As of now, 9-12-2024, there is documented a flaw in Yubi Keys, that is not in Nitro Keys. You can read about it on the NitroKey website. and some privacy/security forums.
I have always presumed, that if I, as an individual, was on the list of, break into that persons computer habits. from the NSA (National Security Agency), who has the most mathematicians in the world (or so I read) and I guess, a lot of computer scientists who are fully trained, advanced degrees, really knowledgeable, really experienced, hard working. intending to read all the things I do, then I have to believe they would. They can be unstoppable, if they wanted to use all the resources they have available.
I would keep in mind the phrase from those who break simple ciphers, like those used in World War One, Most codes are broken in practice, not in theory. That is, It is not the encryption that gets broken, it is easier to steal your password, discover what you are doing with other means.
Your security is more dependent on you OpSec (Operational Security, how you do things, techniques, after choosing good hardware) and the fact, the person you are communicating with, like to a journalist, their source, is dependent on their security. Their agenda. Perhaps.
Perhaps the other way around, a news source can not tell a Journalist information, and really think the Journalist will never write it. Only in some civilized countries, can a Journalist think he only has to worry about going to jail as a consequence for keeping his sources secret.
Gives an adversary the information he seeks, not your passwords. It is like the movie plot line, young woman, in witness protection, Calls her mom from a cell phone, which maybe the bad guy can not find the location of, but tells her trusted mother her location.
If you want to worry about those things.
I am guessing you were looking for a poison password, which instead of decrypting the passwords, whether in an encrypted LockBox on my hard drive, or in a USB encrypted Key. Poison Password scrambles, or erases the passwords so they can never be read.
What an adversary can gain in such a circumstance, easy quick access to your files, Or worse, the ability to pretend to be you.
Yeah, I think about writing fictional novels.
For Qubes, I would hypothesize, I would be concerned with, can an adversary read some, text left on the computer. As in a buffer, or perhaps in some part of memory. I do not know what triggers RAM Overwrites, or Overwrites of the USB controller. then an SSD has areas that it keeps for replacement of bad parts of drive, and moves the bad drive sectors to not used. Can an adversary read that? Or have a tech source to do things for him?
I will be watching for someone to answer this more specifically.
Edit: U.S. Journalism School Digital Security Curriculum