project idea: portable password safe
edorfaus at xepher.net
Tue Sep 10 20:47:41 EDT 2013

On 09/09/2013 08:11 AM, Werner Almesberger wrote:
> Paul Boddie wrote:
> Hmm, seems a little odd to have the keys both at the bank and in your
> device. But well, it's a possibility. If they leak somehow, this
> should be fun to figure out where that happened :)

I think it's more a choice, really - you can either keep it in your
phone's SIM card, or the bank can store it for you.

Well, I would actually assume that the bank stores the ID even if you
choose to also have it in your SIM card, in which case the above does
apply. I think most people don't put it into their SIM though, in which
case it's only kept at the bank.

The code card/calculator thing doesn't contain the actual BankID, it
just contains a key that is used for logging into the bank site where
you can then use the BankID.

> He (?) also mentions that
> his device will see if other keyboards are changing *-lock
> modifiers. Yet another interesting HID feature I didn't know
> yet :-)

It depends on the OS to broadcast the notifications, but yes. It's
usually used to turn on and off the indicator LEDs on all connected
keyboards when the (global) lock state changes. :)

That OS dependence isn't a major concern for simple on-off detection
(e.g. to automatically turn off caps lock when typing a password, and
back on afterwards - or just invert the relevant shift state when caps
lock is on), I think pretty much all of them handle that similarly
enough these days to not be a problem in practice (and worst-case the
user can turn it off manually once they notice).

The main difference (I know of) between OSes is in how exactly these LED
notifications are handled when a lock key is held down - something I
found out recently when writing a driver for a device with a feature
that depended on the way Windows does it (and Linux doesn't)...

IMO it's best to simply avoid depending on detecting held-down keys, and
instead detect and trigger on e.g. a few rapid on-off switches.

> It's interesting to see the first comment suggest use of a
> rotary encoder.

That's actually a good idea, and not just for menu navigation either.

A network music player I have has a big rotary encoder on the front,
that it uses not just for volume control and menu navigation, but also
for entering things like WiFi passwords.

The concept is fairly simple and straightforward: you use a button to
move from one character position to the next, and the rotary encoder to
move up/down through the characters for that position.

Slower than a real keyboard, obviously, but takes up far less space
(especially if you would have the encoder anyway), and is faster (and
easier to use) than having to press up/down buttons to select the character.

> The Pass-Pal got me thinking, though. If we accept the concept of
> a trusted PC for setup, things get a LOT simpler. Almost
> watch-level simple ;-)

Well, we might want the option of using a trusted PC for initial setup,
e.g. to import an existing password database - but I still think it's a
good idea to be able to manage the passwords on the device itself too,
even if that's not usually as convenient, because in some cases, it will
be *more* convenient. E.g. if you receive a new password at a time when
you don't have a trustworthy PC nearby.

Also, if we use the rotary encoder idea, it doesn't have to be all that
large or difficult - might still be able to get it close to a watch
size, if the encoder is small (or mechanically fancy) enough (though a
small one might be harder to use).

If password management is possible from the PC, though, I think it would
be a good idea to have a kind of write lock on the device, that would
make it impossible to write to the device from the PC when it was on -
as an extra security feature in case you want to use the passwords from
the device on an untrusted PC.

I noticed the Pass-Pal had something kinda like that, in its lock
function, but it seemed to conflate the read and write locks - I think
it would be convenient to be able to auto-type selected passwords while
still not allowing password management.
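
The "few rapid on-off switches" trigger suggested in the message above, sketched as device-side logic in C. This is an added example, not part of the original post or of any project code; the `lock_trigger` names, the four-toggle count, the 1.5 s window and the sample reports are assumptions, while the Caps Lock bit is the one defined for the standard HID keyboard LED output report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define LED_CAPS_LOCK  0x02u   /* bit 1 of the HID keyboard LED output report */
#define TOGGLES_NEEDED 4u      /* assumed gesture: on-off-on-off */
#define WINDOW_MS      1500u   /* assumed: all toggles within 1.5 s */

typedef struct {
    uint8_t  last_leds;              /* LED bits from the previous report */
    uint8_t  filled, idx;            /* ring fill level and write position */
    uint32_t stamp[TOGGLES_NEEDED];  /* tick of each recent Caps Lock toggle */
} lock_trigger;

/* Constructed sample: four Caps Lock toggles inside 600 ms. */
const uint8_t  sample_leds[] = { 0x02, 0x00, 0x02, 0x00 };
const uint32_t sample_ms[]   = { 100, 300, 500, 700 };

void lock_trigger_init(lock_trigger *t, uint8_t leds)
{
    t->last_leds = leds;
    t->filled = t->idx = 0;
}

/* Feed one LED output report; returns true when the gesture completes.
   Only state changes are used, never how long a key is held down. */
bool lock_trigger_feed(lock_trigger *t, uint8_t leds, uint32_t now_ms)
{
    bool toggled = ((t->last_leds ^ leds) & LED_CAPS_LOCK) != 0;
    t->last_leds = leds;
    if (!toggled) return false;      /* repeat report or another LED changed */
    t->stamp[t->idx] = now_ms;
    t->idx = (uint8_t)((t->idx + 1u) % TOGGLES_NEEDED);
    if (t->filled < TOGGLES_NEEDED) t->filled++;
    /* Full ring: stamp[idx] is the oldest toggle; unsigned math survives wrap. */
    if (t->filled == TOGGLES_NEEDED && now_ms - t->stamp[t->idx] <= WINDOW_MS) {
        t->filled = 0;               /* consume the gesture */
        return true;
    }
    return false;
}

/* Replay reports (LED byte plus tick) and count completed gestures. */
int count_triggers(const uint8_t *leds, const uint32_t *ms, size_t n)
{
    lock_trigger t;
    int hits = 0;
    lock_trigger_init(&t, 0);
    for (size_t i = 0; i < n; i++) hits += lock_trigger_feed(&t, leds[i], ms[i]);
    return hits;
}
```

The ring of timestamps makes the window slide, so a slow first toggle followed by four quick ones still fires, and changes to the other lock LEDs are ignored.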