Use different strong passwords for every service and:
- you don't need to remember them
- you don't need a software to be installed on the machine where you normally type your password, so you can use it everywhere (home/work...)
- you can use it for BIOS password
- you can use it with any fully encrypted computer startup mechanism that requires a password
- you don't need the service provider to make any change to its password authentication mechanism (works with facebook, google...)
- it's easier to manage than a paper under your keyboard, it's also safer
- it's OpenSource
A "Token" device that generates secure passwords and encrypt them using a 128 bits AES key. The secret key is stored in the token's eeprom memory only.
The generated encrypted password is sent to a Master Device (let's say : an iPhone) to be stored (the token does not store the generated password, nor the encrypted version).
Here's the iPhone App that works as the Master Device: Trustline-iPhone
- The token knows a secret AES128 symmetric key to encrypt/decrypt passwords.
- The iPhone knows a bunch of ciphered passwords that cannot be decrypted without the token.
When you want to login somewhere, instead of typing a password:
- Plug the Token to the computer (USB)
- Run the iPhone App (work in progress) and select the account's service you try to log-in (ex: workstation/gmail/facebook/amazon...)
- The iPhone App sends the associated encrypted password to the Token, that can decrypt it (because it knows the secret key) and the Token "types" the password where your focus is.
The Token looks like a USB keyboard to your computer. It can send keystrokes like a human will do on its own keyboard.
###What about security? The security is "almost" the same when you type your password by yourself. Almost, because:
- You don't have to remember the passwords, so they can be unique for every service, strong, and changed easily.
- Passwords are encrypted using AES-128 (CBC operation mode).
- The secret 128 bit AES key is stored inside token eeprom memory.
- Entropy : the token uses the Entropy Library
- The communication protocol (over BLE) uses a HMAC-SHA256 based challenge (64bit random nonce)/response to authenticate the sender and to ensure that there is no replay in the air. So yes, there is another secret key, and it is also 128 bit long. This one is shared during pairing, and saved inside the iPhone App
- The lockbits will be useful to reduce the risk of a physical access to the Token (ex : external read/write token flash/eeprom memory). They are not set, yet.
- During pairing, the token keys are sent to the iPhone in clear-text (to understand why, report to the What if I lose my Token section).
- The phone does not store the secret key used to decrypt password.
- The phone has 2 keys : the one used to authenticate the challenge/response, and another one, for later purpose: the next objective is to be able to use the token in a pocket, powered by a battery (that will be charged when the Token is pluged-in), to access passwords anywhere, by printing them temporarily on the phone itself - or clipboard.
- So yes, there are 3 keys :
- 1 to cipher the password, stored inside the Token EEPROM
- 1 to authenticate the sender of a command using a HMAC-SHA256 based challenge/response, stored in the phone and in the Token
- 1 to securely send back to the phone a password decrypted by the token, to temporarily print it on screen, or to put it inside the clipboard for a paste operation (ex : you want to authenticate when browsing with your phone). This one is stored both in the phone and in the Token.
- It's OK, you can create a new one, and recover your passwords:
When you pair the token with your phone for the first time, the secrets keys of the Token are sent to the phone. The application will ask you to print this secret Recovery Key (as a QR code), and put it in a safe somewhere...safe.
You can use this QR Code to initialize a new token. This new token will become a "clone" of your lost one.
- The token security rely on electronic. Lock-bits will be activated to protect it's memory against external read/write. It would also be fun to imagine a secure enclosure, that breaks if someone tries to open it, so that you know that someone attempted something.
The QR code obtained during pairing is a critical piece of information, so keep it safe.
- It's OK, your encrypted passwords can be safely stored on any Cloud, synchronized across your devices, or simply backuped by mail. They are encrypted, and only the token has the key to decrypt them.
- That's the worst case scenario.
If this happens, then the security rely mostly on the strength of the mechanism you use to unlock your phone. If you think this scenario may occurs, then you should use a phone identification mechanism that is hard to reproduce if someone is looking, or to guess if someone know you. Ex : use digital fingerprint identification when available.
Anyway, thanks to your Recovery Key (see above), you will be able to use your passwords' backup (encrypted) to retreive them all (clear).
Used material :
- The Token : Bluetooth 4.0 (Bluetooth Low Energy or BLE) enabled device, powered by an atmega32u4 (arduino), like this one : Blend Micro
- A bluetooth 4.0 compatible phone (like iPhone >= 4s)
Work in progress, but I'm a total newbie in GUI design, so I'm open to any contribution.
The iPhone app is also be OpenSource, and available here: Trustline Ios App
Refer to the wiki section.
Solutions I know about always require to install a software on the machine where you want to "autologin". This type of solution doesn't fit my personal requirements (ex: bios password or fully encrypted computer startup). Also, this was fun to design and make:
- to me, this password stuff is an everyday problem
- the cryptographic challenge behind this problem is cool
- it's very cool to make something blink and interact with "physical" world (I'm not used to microcontroller programming, in fact, this is my second Arduino project)
- that would be my first iPhone App
- Bluetooth 4.0 looks cool
- Apple's Swift looks cool
- the blend micro looks cool
- I would love to share it and find someone who think this is cool, too
Contributions or suggestions are welcome. Do not hesitate to fill issues, send pull requests, or discuss by email at amoriello.hutti@gmail.com.