project idea: portable password safe

Paul Boddie paul at
Sat Sep 7 09:41:37 EDT 2013

On Saturday 7. September 2013 01.13.26 EdorFaus wrote:
> On 09/06/2013 07:18 PM, Werner Almesberger wrote:
> > I've been thinking for a long time about making a portable password
> > safe device. I originally thought of using the Ben for such a purpose,
> > but it has some properties that would be undesirable for such a role.
> > 
> > I wonder if there may be interest in building a small computer
> > designed specifically for such a purpose. Besides such a project being
> > highly Zeitgeist-compatible, I think we now also have accumulated
> > enough skills and know-how to actually be able to make it happen.
> I like this idea.
> It could be improved by also supporting things like ssh private keys,
> but I assume that doing that would be far more complex than only
> supporting passwords, so it is best left for a later version.

How does the idea relate to things like PGP key storage on smartcards? For 

Although lots of services still work in terms of passwords, I can foresee 
people starting to use PGP a lot more, and I wonder how much overlap there is 
between these smartcard solutions and this proposed password safe device. The 
issue of how much smartcard solutions can be trusted and whether the 
techniques employed are transferrable (either technically or legally) is also 
interesting to consider.

With regard to individuals and their use of PGP, there are already various 
government- or industry-led systems that supposedly offer "electronic 
signatures" for individuals. However, these systems appear to give the control 
over actually making signatures to the organisations running those systems, 
not to the individuals who are merely requesting that their "signature" be 
applied to a document or transaction, and so the end-user is not really 
applying a proper digital signature like they would if they maintained their 
own keys.

(It is reminiscent of the scandal around Nokia's mobile Web browser doing "man 
in the client" decryption [1], where users were effectively having their 
secure sessions run on Nokia's servers on their behalf, rather than actually 
having control over the sessions on their own hardware.)

One supposed concern that government agencies (the normal ones, not the ones 
doing all the spying) have is that individuals might not be able to look after 
their keys, and that services in proper datacentres are needed to do that for 
them, and that's why they architect their "signature" solutions in the way 
they do. It would be interesting to have a decent response (and a solution) 
that demonstrates that people really can look after such matters themselves.

Sorry if this is tangential, but I'm only thinking of maximising the Zeitgeist 
compatibility here. ;-)



More information about the discussion mailing list