project idea: portable password safe
paul at boddie.org.uk
Sat Sep 7 09:41:37 EDT 2013
On Saturday 7. September 2013 01.13.26 EdorFaus wrote:
> On 09/06/2013 07:18 PM, Werner Almesberger wrote:
> > I've been thinking for a long time about making a portable password
> > safe device. I originally thought of using the Ben for such a purpose,
> > but it has some properties that would be undesirable for such a role.
> > I wonder if there may be interest in building a small computer
> > designed specifically for such a purpose. Besides such a project being
> > highly Zeitgeist-compatible, I think we now also have accumulated
> > enough skills and know-how to actually be able to make it happen.
> I like this idea.
> It could be improved by also supporting things like ssh private keys,
> but I assume that doing that would be far more complex than only
> supporting passwords, so it is best left for a later version.

How does the idea relate to things like PGP key storage on smartcards? For
Although lots of services still work in terms of passwords, I can foresee
people starting to use PGP a lot more, and I wonder how much overlap there is
between these smartcard solutions and this proposed password safe device. The
issue of how much smartcard solutions can be trusted and whether the
techniques employed are transferrable (either technically or legally) is also
interesting to consider.

With regard to individuals and their use of PGP, there are already various
government- or industry-led systems that supposedly offer "electronic
signatures" for individuals. However, these systems appear to give the control
over actually making signatures to the organisations running those systems,
not to the individuals who are merely requesting that their "signature" be
applied to a document or transaction, and so the end-user is not really
applying a proper digital signature like they would if they maintained their

(It is reminiscent of the scandal around Nokia's mobile Web browser doing "man
in the client" decryption, where users were effectively having their
secure sessions run on Nokia's servers on their behalf, rather than actually
having control over the sessions on their own hardware.)

One supposed concern that government agencies (the normal ones, not the ones
doing all the spying) have is that individuals might not be able to look after
their keys, and that services in proper datacentres are needed to do that for
them, and that's why they architect their "signature" solutions in the way
they do. It would be interesting to have a decent response (and a solution)
that demonstrates that people really can look after such matters themselves.

Sorry if this is tangential, but I'm only thinking of maximising the Zeitgeist
compatibility here. ;-)