project idea: portable password safe

Werner Almesberger werner at almesberger.net
Thu Sep 12 22:03:57 EDT 2013


Felix wrote:
> Just one more option to take in account for communications with pwsafe. I
> remember[1] to some one direction communication (pc to mcu) using blinking
> squares on a pc monitor (of course you can also use a mobile phone) and
> ldr; it could be used to send info to pwsafe, and then confirm correctness
> of data on device.

Hmm, the "modern" version of this would be a QR code. Needs a
camera, though :)

The most likely use case would be for selecting the account one
is about to log in to. Once selected, one would type or send the
password shown on the keyboard.

> [2]: http://jsfiddle.net/WzE4G/1/

Cute :-) Alas, account selection may involve quite a bit of data.
I tried a medium-sized URL and had a cramp in my fingers before
the whole string was sent :)

You'll also want some integrity check, a CRC-8 or similar, with
an encoding that avoids long runs of white fields.

Perhaps the account selection string could be shorter. What do
Firefox and friends use for their password safes ?

A cooperative selector construction could involve a registry.
That would allow for very compact codes, e.g., 24 bits for the
registrant organization, 8 bits for the service, 32 bits for
the account, 8 bits for the CRC, and another 8 bits for framing.
That's a total of 80 bits or 10 seconds

- Werner



More information about the discussion mailing list


interactive