jiristepanovsky.cz

Return to Index


PassKeychain - 2020

This is the next iteration of the PassKeychain from 2014. Still a useful device for storing passwords in 2020. When connected to a computer, it emulates a keyboard, and by pressing a button n-times, it types the n-th password stored in memory. It is practical for 2~3 passwords maximum since it becomes unpractical to press the button multiple times consistently for the 4th (and higher) password.

New features include interface simplification, redundancy, and memory error recovery, so even if part of the internal memory fails (for example, during removal from a USB port), no harm is done to the stored passwords. The protection is based on storing multiple copies, and the recovery relies on 2 out of 3 voting, or 1 out of 3 if the internal checksum is correct. Such a system provides the necessary reliability to safely store important passwords without a backup.

PassKeychain

Passwords are stored to the device via an application written in C++ using the Qt graphics interface and benefits from platform independence (win/linux/os x). Nothing is stored locally; passwords are stored in the keychain only. The interface currently offers two keyboard layouts (english, czech) and allows to add special keys (enter/tab/escape...), short pause between typing next keys, and arbitrary keys from USB HID key codes (section 10, page 82). For example, the string "\sa\n" in the application is the same as the string "\m02\x04\x28" and writes "A" and presses ENTER (left shift modifier + A key + ENTER).

PassKeychain application

Keep in mind that this is a home project that does not provide any security guarantees and that the source code (especially the firmware) is quite messy and really hard to read O:)

PassKeychain

The circuit has not changed from the previous version. There is an Attiny85 inside that uses V-USB library. With 512 bytes of EEPROM and 3 copies of each password, the keychain can store about 150 characters top (all passwords combined). Schematics, firmware, and application source code can be downloaded here.