The output of a YubiKey is complex, though technically predictable by Yubico.
To help lessen the potential effect of a compromised RNG on the server, the following could be implemented during key generation:
- Field to provide a YubiKey press (optional)
If provided, XOR the submission (minus the first 12 chars, which never change) against a stream from the server's RNG.
Both sources of entropy would then need to be compromised in order to calculate the key.