[Cialug] Password managers

Matt Stanton matt at itwannabe.com
Mon Sep 15 12:49:08 CDT 2014 

There are some ideas lately for building a hardware password locker.  Hackaday is working on a project they call "Mooltipass", which is a small device that takes a pin and RFID card along with the website credentials to unlock passwords stored on the Mooltipass's EEPROM encrypted with AES-256.

I've also been working on something similar, which won't require any drivers or programs to be installed on the target computer.  My plan is to use a ferroelectric RAM chip to store the AES-256 encrypted passwords, which can be unlocked/decrypted with a fingerprint and RFID/NFC sensor.  If the fingerprint and RFID card match the microcontroller will type the password in for you.  The MCU appears to the computer as a USB HID keyboard device, so it would be compatible with any computer that can use a USB keyboard (which includes many Android devices, assuming they have a USB host port).  I may also try to use a Bluetooth HID chip to interface with mobile devices that don't have USB ports (like hopefully my iPod Touch).

With the maker movement in full swing, a lot of things like this should pop up.  I'm not sure I'll ever completely finish my password locker project, but if I do I'll 
put up a build log.

-- Matt (N0BOX)

Sent from my ASUS Transformer

-----Original Message-----
From: Josh More <jmore at starmind.org>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Sent: Mon, 15 Sep 2014 12:18 PM
Subject: Re: [Cialug] Password managers

The big difference is that you can look at the KeePass2 code and know
how the encryption works.  I do not believe that we have that level of
assurance with LastPass.

-Josh

On Mon, Sep 15, 2014 at 12:13 PM, Scott Yates <Scott at yatesframe.com> wrote:
> One thing to be aware of with lastpass, is that you are only sharing a
> pre-encrypted blob with the online server.  In that aspect, it is exactly
> as secure as storing any other pre-encrypted pw database online.
>
>
> On Mon, Sep 15, 2014 at 11:36 AM, Todd Walton <tdwalton at gmail.com> wrote:
>
>> On Mon, Sep 15, 2014 at 9:09 AM, Daniel A. Ramaley <
>> daniel.ramaley at drake.edu
>> > wrote:
>>
>> > What do people use for password managers?
>>
>>
>> I've been using KeePass at work for all that stuff, and I like it very
>> much.  I'm in Windows at work, and it works well there.  I've used the Mono
>> version of it and had trouble.  Perhaps it's improved recently.
>>
>> For everything web I use LastPass.  It makes me uncomfortable to share the
>> family jewels with an online service, so I have a heightened sense of
>> awareness of security issues there.  But it works fabulously.
>>
>> --
>> Todd
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list