[Cryptography] Dumb idea: open-source hardware USB key for crypto

[Bill Cox]

A keypad and display would be great, but for users who just want to
carry it in their pockets, a USB stick form-factor would be
preferable.  I personally was thinking that I would have a Raspberry
Pi based system with keyboard and display that was isolated from the
Internet to help me generate keys, but of course average users would
plug them into their Windows machines, and who knows who's watching
them type passwords in that case.

Your preference for epoxy encased circuits, and read-protected
microcontrollers is interesting.  That's one way to go, but I'm more
worried that our USB sticks will be subverted somewhere along the
build chain, so my preference is to make it easy to read out the
programming information and to be able to probe the internal signals.
You probably are right that in reality users would never bother with
such authentication, which is why I would like to see a volunteer
group of people who do bother to prove that most of these USB keys are
safe.

But you are right that my version makes it easy for an attacker to
steal my USB key and read out the keys...

It's a tough problem...

Bill