I want to create a digital keychain that can replace our hands while typing a password and even our memory. A device capable of remembering our passwords in a secure way and intelligent enough to realise when it's compromised in order to delete its own memory contents.
In most cases, security threats don't come from people physically within 10 meters of you, and most attacks are carried out without even needing physical access to the machine. So, in the same way that a keychain secures our home, we can make a digital keychain that secures our password. If your home keys are lost, they're useless unless the finder knows exactly whom they belong to, and I think the same idea is applicable here.
- Has to be pluggable on most devices without any problems
- Must not have any information about the entire login. Login usernames are easy to remember but not their passwords
- Must have hardware-security options (maybe?)
- User needs to input to the device which key he wants to retrieve
- Memory must be writable
Aiming to reproduce the behaviour of typical keys, we start by developing a device that writes passwords out in plain text, without any special behaviour, but stores them in a secure way.
- Teensy 3.1 or any FTDI capable µcontroller
- 0.9 inch OLED screen
Possible improvements for the next version
- One way to improve hardware security is the idea of "cartridges". Say we have two devices, A and B, each one with its own hardware-defined encryption key. Using the idea of pubkeys, both devices would be required to completely retrieve the password. Alternatively, an encrypted micro SD could act as the cartridge holding our password library, with the device as the interpreter.
- Find a neat way to put password info on the device (while still keeping it compatible with any device, without the need for drivers of any kind).
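The "cartridge" idea above needs neither part alone to reveal a password. The following is an added sketch, not code from this project, and it uses XOR secret splitting instead of the public-key scheme the list mentions. `SLOT_LEN`, `share_t` and the function names are hypothetical, and the pad in `main` is constructed for the demo where a real device would use a hardware RNG.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_LEN 32 /* assumed fixed slot size; hides the password length */
typedef struct { uint8_t b[SLOT_LEN]; } share_t; /* hypothetical type */

/* Zero a buffer through a volatile pointer so the store is not elided. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Split pw into two shares. pad must be SLOT_LEN fresh random bytes
 * (from a hardware RNG on a real device). Returns 0, or -1 if pw is too long. */
int split_password(const char *pw, const uint8_t *pad,
                   share_t *device, share_t *cartridge) {
    size_t len = strlen(pw);
    uint8_t plain[SLOT_LEN] = {0};
    if (len >= SLOT_LEN) return -1; /* keep room for the terminator */
    memcpy(plain, pw, len);
    for (size_t i = 0; i < SLOT_LEN; i++) {
        device->b[i] = pad[i];               /* device keeps the pad */
        cartridge->b[i] = plain[i] ^ pad[i]; /* cartridge keeps pw XOR pad */
    }
    secure_wipe(plain, sizeof plain);
    return 0;
}

/* Recombine both shares. Returns the password length, or -1 (and wipes out)
 * when the result is not a terminated string. This is a sanity check for a
 * mismatched pair, not authentication. */
int combine_shares(const share_t *device, const share_t *cartridge, char *out) {
    for (size_t i = 0; i < SLOT_LEN; i++)
        out[i] = (char)(device->b[i] ^ cartridge->b[i]);
    if (out[SLOT_LEN - 1] != '\0') { secure_wipe(out, SLOT_LEN); return -1; }
    return (int)strlen(out);
}

int main(void) {
    uint8_t pad[SLOT_LEN]; /* constructed pad for the demo, NOT random */
    share_t dev, cart;
    char out[SLOT_LEN];
    for (int i = 0; i < SLOT_LEN; i++) pad[i] = (uint8_t)(i * 37 + 11);
    split_password("correct horse", pad, &dev, &cart);
    printf("recovered length: %d\n", combine_shares(&dev, &cart, out));
    secure_wipe(out, sizeof out);
    return 0;
}
```

With a truly random pad, each share on its own is indistinguishable from random bytes, so a lost cartridge or a lost device reveals nothing without the other half.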