08/26/2014 at 02:46 •
We started to design our own first hardware platform. It does not have to be the best, but it must be cheap, small and fast. We did some back of the envelope computations about battery life and decided that a single core Linux microprocessor could handle all login traffic with no noticeable delay and at the same time won't drain the battery too soon. This is because we have special modes to offload computations to the PC where there is large file download or upload, without compromising the security. We'll add more information about this modes later. Also we're investigating selective proxying, where the high-security traffic is redirected to the PassKey and other low security traffic is not. This hybrid strategy preserves the baterry even more.
08/26/2014 at 02:39 •
We started using the Smart-watch for ourselves, login in Twitter, LinkedIn, our banks and more. Results were 99% positive, although we had to improve the cookie handling code. To ease testing, we decided to add to the PassKey a learning mode so we could focus on the interaction and stop spending time configuring XML files manually.
Learning mode worked great. Now we just type the password a single time, and then never again. It's magic.
08/26/2014 at 02:33 •
We hacked an smart-watch to run the UI based on Android Scripting Layer (android.py). This gave us the opportunity to test how slim the UI can be made and how comfortable (or not) would be to have the PassKey around your wrists.
Unlucky the first Smart-watch died unexpectedly and it was impossible to revive, so we bought another to keep testing.
We recorded a simple video to pitch the idea before another smart-watch failure. Now we're ready to go building own own hardware.
08/26/2014 at 02:27 •
This was awesome. We took an old Samsung GT-B5510 Smart-phone, rooted it and installed a debian Linux in a chrooted environment. Python ran smoothly during long times, although it took a few days to leave everything working. The UI is still simple but serves its purpose well. We're still exploring the use case and we're not focusing technical details.
08/26/2014 at 02:17 •
We finished our initial proof of concept PassKey in Python running on a Linux PC.
We chose Python because it's good for prototyping and because we used mitmproxy.org, and excelent HTTPS proxy that supports traffic interception and modification.