[Cryptography] password fatigue; was: Lastpass

Christian Huitema huitema at huitema.net
Sun Jun 21 16:21:00 EDT 2015


> If we are dreaming up new (exterior) hardware designs anyway, then why
> not make it such that it has a USB port (allowing any old USB cable to
> connect it to a computer), presents itself to the host as a HID device
> acting as a keyboard (much like a Yubikey does) and has a physically
> triggered action to send data selected in its software to the host?

USB or Bluetooth would both work. You can probably implement a prototype with a phone app that stores the passwords and pushes them on demand through Bluetooth.

> ...
> 
> Throw in keyboard layout selection for the output and it seems like
> you have something that could be made reasonably small (even with a
> physical keyboard on the device, certainly small enough to fit in a
> reasonably-sized pocket) _and_ can reasonably be known to not leak
> data (because you can trivially have it input a password into a text
> editor, for example, and verify that it does what it should; also, it
> requires both being plugged into a computer _and_ physical action on
> part of the owner to legitimately transmit anything).

Not sure about the physical connection part. If the device is physically connected by USB, then you have to worry about the device itself being hacked through some maintenance API available from the PC through USB. If it is connected by radio like Bluetooth, you have to worry about Bluetooth hacks.

-- Christian Huitema
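
The keyboard-layout point in the quoted proposal, as an added example that is not part of the original post: a HID keyboard sends key positions (usage IDs), not characters, so the token has to know the host's layout or the password arrives altered. The function names are hypothetical, and the sketch assumes the standard 8-byte boot-keyboard report, only US and German host layouts, and a character set limited to letters, digits, space and the shifted digit row.

```c
#include <stdint.h>
#include <string.h>

#define MOD_LSHIFT 0x02                 /* left-shift bit of the modifier byte */
enum layout { LAYOUT_US, LAYOUT_DE };   /* host layout (assumed set of two) */

/* Shift + digit-row keys 1..9,0 per layout; '\x01' marks a non-ASCII slot. */
static const char shifted_digits[2][11] = { "!@#$%^&*()", "!\"\x01$%&/()=" };

/* Build one 8-byte boot-keyboard report (modifiers, reserved, 6 key slots).
 * Returns -1 for a character this table cannot type on `host`. */
int hid_report_for_char(char c, enum layout host, uint8_t report[8])
{
    uint8_t mod = 0, key;
    const char *p;

    memset(report, 0, 8);
    if (c < 0x20 || c > 0x7e) return -1;
    if (c >= 'A' && c <= 'Z') { mod = MOD_LSHIFT; c = (char)(c - 'A' + 'a'); }
    if (c >= 'a' && c <= 'z') {
        if (host == LAYOUT_DE && (c == 'y' || c == 'z'))
            c = (c == 'y') ? 'z' : 'y';          /* QWERTZ swaps the Y and Z keys */
        key = (uint8_t)(0x04 + (c - 'a'));
    } else if (c >= '1' && c <= '9') key = (uint8_t)(0x1e + (c - '1'));
    else if (c == '0') key = 0x27;
    else if (c == ' ') key = 0x2c;
    else if ((p = strchr(shifted_digits[host], c)) != NULL) {
        mod = MOD_LSHIFT;
        key = (uint8_t)(0x1e + (p - shifted_digits[host]));
    } else return -1;
    report[0] = mod;
    report[2] = key;
    return 0;
}

/* Encode a password as press/release report pairs. Everything is validated
 * first, so a partly or wrongly typed password is never produced. */
int hid_encode_password(const char *pw, enum layout host, uint8_t out[][8], size_t max)
{
    size_t len = strlen(pw), n = 0;
    uint8_t tmp[8];

    if (2 * len > max) return -1;
    for (size_t i = 0; i < len; i++)
        if (hid_report_for_char(pw[i], host, tmp) != 0) return -1;
    for (size_t i = 0; i < len; i++) {
        hid_report_for_char(pw[i], host, out[n++]);
        memset(out[n++], 0, 8);                  /* all-zero report = keys released */
    }
    return (int)n;
}
```

Typing the output into a text editor, as the quoted message suggests, is also the way to confirm that the selected layout matches the host.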

 


