project idea: portable password safe
edorfaus at xepher.net
Tue Sep 10 21:45:11 EDT 2013
On 09/11/2013 02:51 AM, Ron K. Jeffries wrote:
> Given recent information from Mr. Snowden, the concept of "trusted PC"
> seems so 1980s.
Well, if you have a PC from the 1980s that you've never connected to the
Internet, I guess that might qualify as one..? :)
More seriously though, I guess that's just all the more reason to
include some way of getting the passwords into/out of the device without
having to trust a PC, and also having some way of ensuring that the PC
can't read/write arbitrary passwords even if you connect the device to it.
That is, with that setting active, the PC should only be able to get
passwords that you explicitly and directly (not via the PC) ask the
device to send to it, as if it was just a simple keyboard. The PC
shouldn't even be able to get a list of saved passwords.
Or, alternately, the device could behave as if the write lock was off,
except that all reads/writes goes to a separate jailed section that you
can control independently of the "real" section... If done properly, any
malware on the PC should not be able to distinguish that from a device
that really only contains the passwords it's allowed to see anyway
(because you're using them).
I suspect that would be harder to implement safely, though, so it has
more potential for bugs (including info-leak bugs) than simply disabling
all access and pretending to be just a keyboard.
More information about the discussion