We’re pretty sure that most of you already know that a few months ago Hackaday was bought by SupplyFrame, who therefore became our new evil overlords. We do hope you’ve noticed that they’re actually quite nice, and in their divine goodness they recently gave the go-ahead on this series called Developed on Hackaday.
A new project will be made by the Hackaday staff & community and will hopefully be brought to the consumer market. For those who don’t have the time/experience to get involved in this adventure, we want to show and document what it takes to bring an idea to the marketable product stage. For the others, we would like to involve you in the design/development process as much as possible. Obviously, this project will be open source hardware/software. This time around, the hardware will mainly be developed by yours truly. You may already know me from the whistled platform (currently sold on Tindie) or from all the different projects described on my website, which makes this new adventure far from being my first rodeo.
What’s in it for the contributors? During all the steps of this project, we’ll offer many rewards as well as hand-soldered first prototypes of the device so you can start playing/testing it. Nothing is set in stone so every suggestion is welcome. Should we make a Kickstarter-like campaign to manufacture the final product, we’ll only do so once our prototype is final, our partners are chosen and all details of the production process are set and confirmed. In that case, we will just need to gather the required funds to make the device a reality. What are we going to build? Keep reading to find out.
So what about this new device? After many discussions with the writers, we decided we would make something useful for Hackaday readers. We wanted something simple that would simplify users’ lives and therefore settled on a secure offline password keeper. Keep in mind that the following description is just a draft, so your input is welcome in the comments section. Please keep it constructive as the way the comments are formatted is not optimal for this kind of discussion (we’re currently working on that).
The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating long and complex random passwords for the different websites you use daily. As a side note, you may already know that most people often don’t use secure passwords, except red-haired women. Hypothetically, password keeping software could be circumvented by reading the key + encrypted passwords on the computer’s RAM. Ideally, the product should be so simple that my grand mother could use it (I’ll let you image her email password…). It will be as small as possible so it could fit in your pocket. Simply visit a website and the device will ask for confirmation to enter your credentials when you need to login.
What about the hardware? We thought a good solution was to make a device that uses a smart card, connected to your computer via USB (to keep costs low). The device will store your AES-256 encrypted passwords and the smart card will keep your AES-256 key (as well as a few other passwords). The smart card will be (for the sake of simplicity) a read protected EEPROM that requires a PIN code to unlock its contents. As with your credit card, too many tries will permanently lock the smart card. Therefore, the project’s main components will be: a smart card connector, a microcontroller (Arduino compatible?), an OLED screen and its touchscreen panel. The OLED screen will provide good contrast and therefore better visibility. On the software side, we’ll ‘only’ need to write a simple script running on the users’ browsers. The browser script will send the current website URL to the device (via HID reports).
We prefer a contact based smart card for several reasons. They’re much easier to source, are cheaper and can’t be easily sniffed without you noticing it. We hope that making this an open project will ensure any future problems are handled. We also want the device to be as hackable as possible, and an Arduino compatible device with a touch sensitive OLED screen and USB connectivity will surely interest beginners out there.
So what’s next? We need a project name, so please give us some feedback in the comments section. You can also directly contact me: mathieu[at]hackaday[dot]com if you’d like to contribute (we need designers, coders, webmasters…), be part of the beta tester team or if you already know potential partners for this project. We look forward to your comments!
[Smartcard Image Source - CC-BY-SA]
Filed under: Featured