

Topics - ferdinandk

USB Password Manager

Like probably many of you, I have lots and lots of accounts for different services, shops, forums and so on. In the old times (tm) I used the classical "one password fits all" approach and then got screwed. My account details got stolen from a website, which forced me to change all other accounts as well. Nowadays I use a password manager - namely KeePass - and that works well. I can synchronize the encrypted database with Dropbox and therefore access my passwords on any device I own. One problem remains: if my PC or phone gets infected with a virus, it could read out all my passwords and abuse them. So the password manager is a single point of failure, and I would like to avoid that.
Enter the USB Password Manager. Imagine a device that securely stores all your login credentials and connects to your PC via USB. It appears as a USB keyboard, so you just have to select the right username/password combination on the device and it enters them directly into the website or program. I have been thinking about this idea for quite some time and plan on building a prototype in spring of 2013. However, I'm not very proficient in writing firmware yet, so I was hoping to find some support here. If you have any suggestions or corrections for the hardware, please tell me.

The hardware will consist of the following:
  • an ATmega32U4,
  • a small OLED,
  • a joystick,
  • an SPI-connected flash chip
  • and a hardware random number generator.
I haven't worked with PICs yet, so I chose the ATmega32U4. There is an open-source USB stack available for this chip, so that won't be a problem. The choice of display and user-input is mainly determined by size, as I want the PCB to be as small as possible. The flash is for storing the login credentials.
Now for the interesting part: the random number generator (RNG). I want to be able to generate unique passwords for every website on the device. That way the password can't be manipulated by any PC-side software. Using a pseudo-random number generator would be possible, but the good quality ones are computationally expensive and still need some entropy to work well. So I thought, why not use a hardware RNG to start with. The circuit I plan on using consists of two NPN transistors and some logic. You can find the circuit here: http://web.jfet.org/hw-rng.html. The circuit is proven, but it needs a voltage in excess of 12V to work. I tried to generate this voltage with a Dickson Charge Pump (http://en.wikipedia.org/wiki/Voltage_multiplier#Dickson_charge_pump), but failed miserably - the charge pump was not able to deliver the necessary 520uA of current. So instead I will use a boost-converter. To reduce the BOM cost, the control circuit will be implemented in the microcontroller - and as I don't need any serious current I can use really small inductors and caps.

I plan on documenting the development process here in the forum. The level of detail will vary with how much spare time I will be able to invest in this project over the next few months.
Well, that's it so far. Now I'm eager to hear what you think about this project.
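
The post above wants passwords generated on the device from a hardware RNG. The following C sketch is an added example, not the poster's firmware: it debiases raw RNG bits and maps them to password characters without modulo bias. The `bit_source` type, the function names, the alphabet, and the choice of a von Neumann extractor with rejection sampling are assumptions made here; on the ATmega32U4, `raw_bit` would sample the RNG circuit's output pin instead of replaying a buffer.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bit source: on the device this would sample the RNG circuit's
   output pin; here it replays a constructed buffer, MSB first. */
typedef struct { const uint8_t *buf; size_t nbits, pos; } bit_source;

static int raw_bit(bit_source *s) {            /* -1 when exhausted */
    if (s->pos >= s->nbits) return -1;
    int b = (s->buf[s->pos >> 3] >> (7 - (s->pos & 7))) & 1;
    s->pos++;
    return b;
}

/* Von Neumann extractor: take raw bits in pairs, keep the first bit of an
   unequal pair (10 -> 1, 01 -> 0), drop 00 and 11. Removes a constant bias
   as long as successive raw bits are independent. */
static int debiased_bit(bit_source *s) {
    for (;;) {
        int a = raw_bit(s), b = raw_bit(s);
        if (a < 0 || b < 0) return -1;
        if (a != b) return a;
    }
}

static const char ALPHABET[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                               "abcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?";

/* Index in [0, n) from 7 debiased bits; values >= n are rejected and redrawn
   so every character is equally likely (no modulo bias). Needs n <= 128. */
static int uniform_index(bit_source *s, int n) {
    for (;;) {
        int v = 0;
        for (int i = 0; i < 7; i++) {
            int b = debiased_bit(s);
            if (b < 0) return -1;
            v = (v << 1) | b;
        }
        if (v < n) return v;
    }
}

/* Writes len characters plus NUL into out (len + 1 bytes).
   Returns 0, or -1 with an empty string if the source ran dry. */
int generate_password(bit_source *s, char *out, size_t len) {
    for (size_t i = 0; i < len; i++) {
        int idx = uniform_index(s, (int)(sizeof ALPHABET - 1));
        if (idx < 0) { out[0] = '\0'; return -1; }
        out[i] = ALPHABET[idx];
    }
    out[len] = '\0';
    return 0;
}
```

A stuck or saturated RNG output (all 0s or all 1s) yields no debiased bits at all, so the generator fails closed instead of emitting a predictable password.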