This is a two-part project: the password manager on a cellular device and the corresponding hardware. The app is a simple one where a password can be entered or generated. It is then encrypted and stored in a database stored on a server and cached locally. When the app runs, the user selects a password to transmit, enters a PIN, and that's it. The password is decrypted to RAM, and then the handshake with the hardware begins.
RSA is used to retrieve the symmetrical key from the dongle. The now cleartext password in RAM is then re-encrypted with the dongle's symmetrical key and transmitted to the dongle. The dongle decrypts the password on chip, and acts as a keyboard and types the characters into wherever the user's cursor is.
The benefits of this solution:
- Password is only cleartext in RAM and on the USB bus
- Only as vulnerable as manually typing password
- Database is stored where you choose, no central point of failure for all users
- Bluetooth communication is resistant to eavesdropping
- Room for future improvements!
- Convenience - it's not as user-friendly as a browser plugin or bookmarklet
- Subject to 2.4GHz jamming