I want to create a digital keychain that can replace our hands while typing a password and even our memory. A device capable of remembering our passwords in a secure way and intelligent enough to realise when it's compromised in order to delete its own memory contents.
Known facts:
Security threats don't come from physical people 10 meters around you in most cases, and most of them are accomplished without even needing physical access to the machine. So, in the same way that a keychain secures our home, we can make a digital keychain that secures our password. If your home keys are lost, unless you know exactly who they belong to, they're useless, and I think that the same idea can be applicable here.
Requirements
- Has to be pluggable on most devices without any problems
- Must not have any information about the entire login. Login usernames are easy to remember but not their passwords
- Must have hardware-security options (maybe?)
- User needs to input to the device which key he wants to retrieve
- Memory must be writable
First prototype
Aiming to reproduce the behaviour of typical keys, we start by developing a device that is capable of writing passwords in plain text, with no special behaviour other than storing them in a secure way.
Materials
- Teensy 3.1 or any FTDI capable µcontroller
- 0.9 inch OLED screen
- Pushbuttons
Possible improvements for the next version
- One way to improve hardware security is the idea of "cartridges". Say we have two devices A and B, each one with its own hardware-defined encryption key. Using the idea of pubkeys, use two devices to completely retrieve the password, or even use an encrypted micro SD as the cartridge with our password library and the device as the interpreter.
- Find a way to put password info in a neat way on the device (but still making it compatible with any devices without need of drivers of any kind).
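A sketch of the "cartridge" idea from the list above, added here as an example and not part of the original project: a stored entry can only be opened when both the device secret and the cartridge secret are present, and it is bound to the key name the user selects. It swaps the public-key scheme the text mentions for a symmetric key derived from both secrets, and the HMAC-SHA256 keystream is only a standard-library stand-in for a real AEAD such as AES-GCM; all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

def _h(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_keys(device_secret, cartridge_secret):
    # The root key depends on BOTH secrets, so neither half works alone.
    root = _h(device_secret, b"keychain-v1" + cartridge_secret)
    return _h(root, b"enc"), _h(root, b"mac")

def _keystream(enc_key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode.
    blocks = (length + 31) // 32
    stream = b"".join(_h(enc_key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return stream[:length]

def seal(device_secret, cartridge_secret, label, password):
    """Encrypt one entry; returns nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(device_secret, cartridge_secret)
    nonce = secrets.token_bytes(16)
    plain = password.encode()
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, nonce, len(plain))))
    # The tag covers the label, so an entry cannot be swapped under another name.
    tag = _h(mac_key, label.encode() + b"\x00" + nonce + ct)
    return nonce + ct + tag

def unseal(device_secret, cartridge_secret, label, blob):
    """Return the password, or None if either secret, the label or the blob is wrong."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = derive_keys(device_secret, cartridge_secret)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _h(mac_key, label.encode() + b"\x00" + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        return None  # verify before decrypting anything
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()

if __name__ == "__main__":
    # Constructed sample secrets; on hardware these would be the fixed per-device keys.
    device_a, cartridge = secrets.token_bytes(32), secrets.token_bytes(32)
    other_device = secrets.token_bytes(32)
    entry = seal(device_a, cartridge, "mail", "correct horse")
    print(unseal(device_a, cartridge, "mail", entry))
    print(unseal(other_device, cartridge, "mail", entry))
```

A lost cartridge on its own holds only the sealed blobs and its own secret, which matches the lost-house-keys argument earlier in the text.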