project idea: portable password safe

Werner Almesberger werner at
Fri Sep 6 13:18:03 EDT 2013

I've been thinking for a long time about making a portable password
safe device. I originally thought of using the Ben for such a purpose,
but it has some properties that would be undesirable for such a role.

I wonder if there may be interest in building a small computer
designed specifically for such a purpose. Besides such a project being
highly Zeitgeist-compatible, I think we now also have accumulated
enough skills and know-how to actually be able to make it happen.

The overall concept would be a small device, maybe the size of a
dumbphone, that stores account information (service name, user name,
password, etc.) encrypted with (a) master password(s). To use a
password, one would unlock the account record by entering the master
password and could then choose between displaying the password or
sending it to a PC (or equivalent).

The device would have a small display, a (tiny) keyboard, USB host
and USB device, and RF (802.15.4, to keep things simple and cheap).
USB device would be used for a HID device to "type" things to a PC.
The source of such keystrokes would be a) an account record, b) the
device's keyboard, c) a keyboard connected via USB host.

Instead of a USB device, the password safe could also use RF to send
the (encrypted and traffic-shaped) keystrokes. USB host would in this
case also be used to "pair" (set up a shared secret) RF dongles with
the password safe.

The password safe could be stored on a removable memory card, making
the device basically dataless. Power would come from a standard
battery, e.g., CR2032 or AAA. If operating as USB host with an
external keyboard, one would have to supply power via the USB device

That way, one could leave an RF dongle in PCs one uses frequently,
without having to mess with cables. The USB host connector could be
used as part of a "bay" to carry an RF dongle with the password safe.

Compared to PC-based password safes, this one would have the
following advantages:

- no need to replicate the content of the password safe across the
  systems one is using (some of which may not even be
- master password(s) never reach the PC and are therefore immune to
  key logging,
- password safe content (memory card) is easily hidden and can be
  quickly destroyed,
- could be the basis for more sophisticated authentication schemes,
  e.g., an end-to-end challenge-response system that can be used
  also if intermediate systems are compromised.

The main advantages over smartphone-based safes would be better
hardware integration and a simpler and more transparent system.


- one more item to carry around,
- one more item to get lost/stolen,
- requires the PC to have a USB host interface,
- lacks integration with Web browser (i.e., browser selects which
  account record to use based on URL visited).

That system probably wouldn't run Linux or be able to. MCUs that may
be suitable would be STM32F205 (Cortex M3, dual USB FS OTG), or a
pair of MKL24Z64VFM4 (Freescale Kinetis KL2 series, Cortex M0, single

Does that sound useful ?

- Werner

More information about the discussion mailing list