Looking for input on my OpenSource project

DusteD · March 15, 2015, 11:38pm

I have made an OpenSource project, it is a hardware password manager that is a bit different from conventional password managers on the following points:

It acts as a keyboard (the operating system detects it as an USB keyboard), and types the requested information for you, because it is a keyboard, it works with all programs and does not require any plugins.

Your computer can not access the password database, so if you are using it on a compromised computer, attackers will only obtain the accounts you actually use. (software password managers keeps your passwords in an encrypted file, vunerable to brute-force attacks).

It required physical access to get information out of it, even if you know the master-password, you still need physical access to try to unlock it.

It was designed to be used on OSX/Linux systems without the need for installing any software or drivers, Windows users need only to install the driver (a clear-text inf file).

It's fully OpenSource, you can compile the firmware from source and build the device yourself if you really don't trust anybody.

If you're interested in this sort of thing, have a look at the website, http://finalkey.net/

I'd like input on any points, but what I'm mainly interested in is how I am conveying the message, I'd like to point out that I build the device the way it is, because that is exactly how I personally want a password manager to work, so, I'm more interested in if I'm being clear in explaining how it works, so.. Yell at me and tell me what I'm doing wrong, and also if I'm doing anything right! :D

Thanks! ^_^

Also, I don't care about the vaping! I think it looks silly and a bit hipsterlike but hey, whatever keeps your vessel buoyant right? :)

/Jimmy

turin231 · March 16, 2015, 12:44am

This looks very interesting. A hardware password manager sounds like a great idea. Seem quite usable from videos. My main concern would be how well are the encryption methods implemented. I am afraid I do not have security experience but you might wanna get some other experts on security on the free software community and have them test it, review it or endorse it if they find it good enough.

DusteD · March 16, 2015, 12:58am

Hi turin,

Thanks for taking a look! :)

Your concern about the quality of the security implementation is very valid, I will look into a way of getting the AES256 library verified by an expert without paying too much. When I implemented the security stuff, I talked extensively about it with a colleague of mine who have worked with military-class systems, to ensure that I had the concepts down, and I chose to use an off-the-shelf implementation of the encryption algorithm instead of trying to create my own, I have verified it against other implementations that have all been able to encrypt and decrypt the data generated by the on I chose, so I believe it is valid. It might be interesting to see if I can get a crypto expert to go through it and comment. I don't know if it will help to write more words about security, I mean, it's a security device, so ultimately, if you do not have the skills to verify it yourself, all that's left is trust.

beefmaster · March 25, 2015, 8:28am

i am very interested in this i will attempt to help, but i am more of a noob so i may need some help learning and understanding the code.

see you there

beefmaster · March 25, 2015, 8:31am

i have looked at the project and have an idea,

i reckon we cut the hardware part out and just use a usb instead would this be possible?