project idea: portable password safe

Werner Almesberger werner at almesberger.net
Sat Sep 7 08:52:06 EDT 2013


Oleg Sadov wrote:
> A slightly similar idea -- bitcoins wallet:
> 
> http://www.bitcointrezor.com/

Ah, nice ! Thanks for the link ! They also have a nice and simple
channel from host to their Trezor. Didn't know there was such an
accessible API for that. This would make sending some site ID from
a browser to the password safe rather easy.

> About "one more item to carry around" -- what about implementing of
> such device as a common thing -- a wirst- or pocketwatch, for example?

That's an interesting idea. It would certainly improve the
possibility of never losing sight of it. Drawbacks:

- gets really really tiny
- has to be more robust as well, including water resistance
- how to make a useful keyboard, at least for password entry, at
  such a form factor ?
- you'd lose the ability to stow an RF dongle in the safe

Regarding the keyboard, I had one of these critters a long time
ago:

http://forum.pocketcalculatorshow.com/topic/casio-scientific-cfx-200-model-197

I would have said that this is about the maximum number of buttons
one can cram into a watch (and pecking at the tiny buttons with a
fingernail wasn't all that much fun), but then I found this one:

http://pocketcalculatorshow.com/nerdwatch/1980-pulsar-calculator-watch/attachment/pulsar-y739-4/

That's almost enough buttons for a real keyboard. Of course, one
could do like dumbphones do and have many characters per key, but
that gets messy quickly and it may also encourage the use of
lower-quality passwords.

I was thinking of an 11 x 3 matrix with a key pitch of maybe 7 or
6 mm. That still allows reasonably swift typing. The minimum
matrix for a QWERTY layout has 10 columns. I would try to have a
layout that has not more than two labels per key. E.g., here's a
QWERTY layout for a 12 x 3 matrix, inspired by the Nokia N900
keyboard:

http://downloads.qi-hardware.com/people/werner/tmp/kbd-12x3.pdf

The things in red wouldn't be printed on the keys (to avoid
overcrowding) but can be easily guessed from symbol that is
shown.

The overall look would be similar to that of those ruler
calculators, but with a slightly larger display:

http://www.p-wholesale.com/upimg/3/34a1/calculator-ruler-488.jpg

Regarding stowing the RF dongle, I'm undecided whether this would
be good or bad. Advantages:

- you can carry a dongle with you all the time,
- adds one more use to the USB host port. (The other uses are
  connecting an external keyboard and flashing and "pairing"
  dongles.),
- if there's no cover, there's a hole in the device if the RF
  dongle is removed.

Disadvantages:

- takes up some space (that would also be noticeable if not going
  for a watch-sized device),
- at least one more moving part in the design.

I would assume that, if using computers that aren't basically
yours, one would want to use the RF dongle. So anyone who doesn't
just move between home and office would want to carry one with
the password safe.

Of course, at least for uses that have a password that can be
displayed, one could just read it off the safe and type into the
PC (or ATM, etc.).

> Intellectual smart watches is a promising trend now and such hackable
> gadget with a passwords/crypto coins safe/wallet functionality may be
> interesting.

Yes, that may one of the first use cases that actually makes
sense ;-) Anything that begins with "constantly communicates with
your smartphone" usually ends with "needs daily recharging ...
and don't stay up too late !"

> Apropos, what do you think about possibility NFC support?

Dunno. I don't have any experience with NFC. I know I can make
working 802.15.4 devices.

- Werner



More information about the discussion mailing list


interactive