Adding Storage and Increasing Security

A project log for Zamek: The Offline Pocket Password Manager

Creating and retrieving passwords for all your accounts has never been this easy and convenient!

jarek319 04/21/2016 at 00:200 Comments

A bare ATMega32u4 has 1KB of EEPROM. This means that by itself, it can store 20 typical account entries (consisting of a 16 character site name, a 16 character user name, and a 16 character password). In order to expand this repository, I have added on a footprint for common EEPROM chips. This will allow up to 100 accounts to be stored!

I'm also starting to think of ways to implement an additional layer of security to secure the EEPROM payload against brute-forcing attacks. This usually means taking the route of longer keys and/or longer computation time. I thought about all the literature I've read on the subject and parsed through chat logs with the excellent folks on the Hacker Channel chat, and am thinking about writing a method to encrypt the EEPROM with a very long key that would be stored in the microcontroller's RAM. This key would itself be encrypted with the relatively shorter PIN. This means that if an attacker simply tries to dump the EEPROM, they would be met with a very resistant payload. If the attacker were to try to dump the RAM, they would likely erase the contents of the RAM in the process (I'll give the chip a warm jacket in case security researchers try to freeze the chip ;) ).