project idea: portable password safe

EdorFaus edorfaus at
Tue Sep 10 20:47:41 EDT 2013

On 09/09/2013 08:11 AM, Werner Almesberger wrote:
> Paul Boddie wrote:
>> works/
> Hmm, seems a little odd to have the keys both at the bank and in your
> device. But well, it's a possibility. If they leak somehow, this
> should be fun to figure out where that happened :)

I think it's more a choice, really - you can either keep it in your 
phone's SIM card, or the bank can store it for you.

Well, I would actually assume that the bank stores the ID even if you 
choose to also have it in your SIM card, in which case the above does 
apply. I think most people don't put it into their SIM though, in which 
case it's only kept at the bank.

The code card/calculator thing doesn't contain the actual BankID, it 
just contains a key that is used for logging into the bank site where 
you can then use the BankID.

> He (?) also mentions that
> his device will see if other keyboards are changing *-lock
> modifiers. Yet another interesting HID feature I didn't know
> yet :-)

It depends on the OS to broadcast the notifications, but yes. It's 
usually used to turn on and off the indicator LEDs on all connected 
keyboards when the (global) lock state changes. :)

That OS dependence isn't a major concern for simple on-off detection 
(e.g. to automatically turn off caps lock when typing a password, and 
back on afterwards - or just invert the relevant shift state when caps 
lock is on), I think pretty much all of them handle that similarly 
enough these days to not be a problem in practice (and worst-case the 
user can turn it off manually once they notice).

The main difference (I know of) between OSes is in how exactly these LED 
notifications are handled when a lock key is held down - something I 
found out recently when writing a driver for a device with a feature 
that depended on the way Windows does it (and Linux doesn't)...

IMO it's best to simply avoid depending on detecting held-down keys, and 
instead detect and trigger on e.g. a few rapid on-off switches.

> It's interesting to see the first comment suggest use of a
> rotary encoder.

That's actually a good idea, and not just for menu navigation either.

A network music player I have has a big rotary encoder on the front, 
that it uses not just for volume control and menu navigation, but also 
for entering things like WiFi passwords.

The concept is fairly simple and straightforward: you use a button to 
move from one character position to the next, and the rotary encoder to 
move up/down through the characters for that position.

Slower than a real keyboard, obviously, but takes up far less space 
(especially if you would have the encoder anyway), and is faster (and 
easier to use) than having to press up/down buttons to select the character.

> The Pass-Pal got me thinking, though. If we accept the concept of
> a trusted PC for setup, things get a LOT simpler. Almost
> watch-level simple ;-)

Well, we might want the option of using a trusted PC for initial setup, 
e.g. to import an existing password database - but I still think it's a 
good idea to be able to manage the passwords on the device itself too, 
even if that's not usually as convenient, because in some cases, it will 
be *more* convenient. E.g. if you receive a new password at a time when 
you don't have a trustworthy PC nearby.

Also, if we use the rotary encoder idea, it doesn't have to be all that 
large or difficult - might still be able to get it close to a watch 
size, if the encoder is small (or mechanically fancy) enough (though a 
small one might be harder to use).

If password management is possible from the PC, though, I think it would 
be a good idea to have a kind of write lock on the device, that would 
make it impossible to write to the device from the PC when it was on - 
as an extra security feature in case you want to use the passwords from 
the device on an untrusted PC.

I noticed the Pass-Pal had something kinda like that, in its lock 
function, but it seemed to conflate the read and write locks - I think 
it would be convenient to be able to auto-type selected passwords while 
still not allowing password management.


More information about the discussion mailing list