project idea: portable password safe

Werner Almesberger werner at
Sat Sep 14 03:41:50 EDT 2013

Ron K. Jeffries wrote:
> This discussion on the list is great. But it might also be useful to
> maintain (using some web tool, but not on mail list)  a simple, short
> "Password Safe Requirements" document.

Yeah, or a "project overview" (high-level, without the gory technical
details.) Let's give it a try ...

> >> Project description, including
> .. what problem the password safe solves

Main objectives:
1) medium "hard" password/account storage,
2) suitable for "continuous carry" (gun nuts should like this term),
3) convenient to use,
4) suitable for most if not all everyday password needs, not only
   on the PC but also, say, for credit/debit card PINs,
5) open design that can be reviewed by anyone.

One could summarize most of this as "practical security".

> .. what sort of person will buy the device

Basically, anyone who needs to handle more passwords, PINs, etc., than
they can easily remember and who isn't happy with just jotting them down
on a piece of paper. Middle-class spending profile.

> .. what the device will do and general characteristics, (but NOT how it is
> implemented)

- store and display or replay PINs, passwords, passphrases, and related
- replay is by acting as "USB keyboard", either by wire or ("secure")
- content of device is protected against theft, etc., by PIN/code and
- can also implement challenge-response schemes (TBD) which are more
  secure than traditional passwords,
- flexible security structure, allowing for accounts with weaker or
  stronger protection (e.g., Twitter vs. e-banking),
- can generate/propose random passwords,
- roughly dumbphone-sized (to be confirmed),
- runs from easily replaceable standard batteries,
- intentionally limited in functionality to avoid security issues
  known from PCs, smartphones, etc.

> >> rough cost targets
>      low quantity (n~= 100)
>      modest qty (n~=1000)

Hard to tell at the moment. This is still in the technical exploration
phase. 100 units doesn't really make sense for commercial exploitation.
(You'd have to work at military / medical margins to be profitable at
such numbers.) Maybe USD 100 before taxes for the password safe, USD
30 for the RF dongle (or use atusb), USD 20 for the Y-Box, to at least
cover immediate production costs.

At large volumes, maybe 10k+, a retail price below USD 100 for the
whole kit should be feasible. But that's just guesswork. Real cost
figures also include logistics, accounting, support, legal, let's not
forget taxes, etc. We'd have to involve someone who actually knows
how to calculate such things when the time comes to think about larger

>  >> target date for first proto

For the electronics and basic software, maybe end of November 2013.
A prototype case maybe 1-2 months later. So let's say early 2014 for
something I will be able to use.

That's assuming nobody else makes substantial contributions to the
project. At the early stages, there probably aren't that many options
for cooperation, but the more it advances, the more possibilities.

Once the first prototype design (which will involve the making of a
number of prototypes in various states of dysfunction) is done, there
can be several continuations, including:

- maybe interest will have died by then,
- maybe there will be interest in making and financing a small number
  of "developer edition" devices,
- maybe there will be interest but people won't like my design and
  someone else has a better one, so there'd be a switch/fork/diaspora,
- maybe millions will be gathering in the streets, demanding that it
  be mass-produced "as is" immediately ;-)

> >>NON-goals for project (optional, but can be useful)

Hmm, some:

- won't have "military-grade" security. Extreme security requires
  specialized components and design procedures (drives up the cost by
  orders of magnitude) and also demands operational procedures from
  the user few people would be willing to endure.

- won't aim for low-cost, your USD 16 phone being an extreme example.
  There's no way to beat such things. Think more along these lines:

> If you sorta kinda like the idea, I volunteer to create the document based
> on your input.

Great. Thanks a lot !

> There are a few web systems designed for collaborative writing, often using
> Markdown syntax for formatting.

Sounds good to me. I've created a project on gitorious:

gitorious also offers a git-based Wiki, so one can easily combine the
usual Web editing with local editing and even automated tools. (E.g.,
to generate certain tables.)

The Wiki is here:

It's currently "writable by anyone" (this may mean "anyone with a
gitorious account").

> These requirements are already known, but have evolved over multiple
> messages in the email flow.

And probably will continue to evolve :)

Thanks a lot !

- Werner