Skip to main content

Hardware Password Manager

[Updates 2025-01-20]
The original blog post assumes that all passwords are stored in one password manager, and the password manager either unlocks everything or nothing (e.g. Keepass).
After discussing with friends, I realized that if I use something like pass, and I use a hardware GPG token, I can actually store and sync all encrypted passwords to all devices, because I will only decrypt the passwords on demand, and the computer will not see the GPG private key.
The compromise is that the computer will see the list of all password entries (e.g. accounts), as well as a few other issues.


I've been using Keepass for many years. I don't use online password services because I cannot fully trust them. Besides, I may not always have Internet connection, which is why I also don't use a self-hosted service.

Everything has been working fine, until I turn my paranoid knob to the max.
Here's the thought experiment.

The Imaginary Scenario

Let's say I have 100 PCs for different purposes. Among them:
  • I use Google and Steam on PC 1
  • I use Google and Bank on PC 2
  • I use Bitcoin and Bank on PC 3
As a thread model, I'd just assume that PC 1 is filled with malicious software, which will upload everything to somewhere. I might be fine with that for Steam, but I will never use it for Bitcoin.

Now here's a question: how do I manage the passwords?

Note that Google is used by multiple PCs, if I store the password on multiple PCs, it'll be tricky to maintain it whenever the password is updated. So I should store the password on a single PC.

Also note that the scenario is the same for the Bank, so I should also pick a single PC to store its password.

Now I have to remember "Password X is stored in PC Y". This is only practical if Y is the same for all passwords, and naturally PC Y is the one with the highest security level. 

Let's say I store my Google password in PC 3. How about the Steam password? I could store it on PC 1 since it's only used there, but later again, I have to remember some password is stored in PC 1 and some other password is stored in PC 3, which is not practical.

So the conclusion is: all password should be stored in the single PC with the highest security level. And we just call that PC the hardware password manager.  Note that in reality it can be any suitable device, not necessarily a PC. 

The Hardware Password Manager

Note that a hardware password manager has all the requirements of a software password manager, with an extra one: it can leak no information other than the requested password. This implies the device must be unlocked locally, because we cannot input the master password elsewhere.

As a bad counterexample, today, in reality I have a single database for all passwords, and I use it on all PCs, but as soon as I open it on PC 1, it will know all passwords in the database, including the master password.

Such hardware password managers are actually easy to find:
But I want more: 
  • Portable: I can carry the device on the go.
  • Auto-type: I don't need to type the password letter by letter.
And there are existing nice solutions:

How Can I DIY One?

If I need such a device today, I'll probably purchase one of the existing solutions.
But after reading about those interesting DIY projects, I'm also interested in thinking how I could make one myself.

Requirements

First I need to write down my reqiurements, which explain why most DIY projects are not good enough for me.
  • The data is encrypted at rest.
  • The device emulates a Bluetooth keyboard. Well, a USB one also works, but I guess it'll wear off too quickly.
  • The device leaks nothing but the requested password.
    • The device must be unlocked locally. We cannot unlock it through the PC that receives the password.
    • The device is air-gapped. It have no network access.
  • The device is secure from unauthorized access.
    • [OPTIONAL] The device will lock itself after a few falseful attempts.
    • [OPTIONAL] The device is somewhat resistant against tampering. E.g. someone steals my device, modifies the software then secretly puts it back.

Hardware

Mostly I'm thinking of Raspberry Pi, which may be the regular ones, or Pi Zero, because they have a nice ecosystem of accessories. Alternatively, phones, handhelds and Arduino etc can also work. 

The device will need its own display and input, which could be something like a Game HAT, or a touch display. And I will need more components:
  • Case
  • Battery
  • USB cable
  • NFC
I also want a Yubikey for unlocking the device and the database.

Software

  • Surely I'll install Linux, likely Debian. And I'll have to maintain/upgrade the system completely offline. There is apt-offline for this purpose.
  • I'll use LUKS, which can be unlocked by a hardware token using systemd-cryptenroll.
  • The passwords will be encrypted by GPG, because I want to unlock it using Yubikey.
    • I could just use pass
    • Or I can juse KeepassXC, while encrypting the master password with pass. 
  • It should be relevant easy to emulate a USB or Bluetooth keyboard, especially on a Pi.
  • I'll need some UI to display the status.
    • This probably requires some work.
  • I'll need to input some PINs, using the touch display or buttons.
    • This probably requires some work.


Conclusion

Maybe one day I'll be way more paranoid, I don't trust my devices and I don't trust commercial hardware password managers. In that case I'll likely start building something on my own.

But before that, I'd like to just keep it as a long-running fun thought experiment.
Labels:

Comments

Post a Comment

Popular posts from this blog

Determine Perspective Lines With Off-page Vanishing Point

In perspective drawing, a vanishing point represents a group of parallel lines, in other words, a direction. For any point on the paper, if we want a line towards the same direction (in the 3d space), we simply draw a line through it and the vanishing point. But sometimes the vanishing point is too far away, such that it is outside the paper/canvas. In this example, we have a point P and two perspective lines L1 and L2. The vanishing point VP is naturally the intersection of L1 and L2. The task is to draw a line through P and VP, without having VP on the paper. I am aware of a few traditional solutions: 1. Use extra pieces of paper such that we can extend L1 and L2 until we see VP. 2. Draw everything in a smaller scale, such that we can see both P and VP on the paper. Draw the line and scale everything back. 3. Draw a perspective grid using the Brewer Method. #1 and #2 might be quite practical. #3 may not guarantee a solution, unless we can measure distances/p...
2 comments
Read More »

Chasing an IO Phantom

My home server has been weird since months ago, it just becomes unresponsive occassionally. It is annoying but it happens only rarely, so normally I'd just wait or reboot it. But weeks ago I decided to get to the bottom of it. What's Wrong My system set up is: Root: SSD, LUKS + LVM + Ext4 Data: HDD, LUKS + ZFS 16GB RAM + 1GB swap Rootless dockerd The system may become unresponsive, when the IO on HDD  is persistantly high for a while. Also: Often kswapd0 has high CPU High IO on root fs (SSD) From dockerd and some containers RAM usage is high, swap usage is low It is very strange that IO on HDD can affect SSD. Note that when this happens, even stopping the IO on HDD does not always help. Usually restarting dockerd does not help, but rebooting helps. Investigation: Swap An obvious potential root cause is the swap. High CPU on kswapd0 usually means the free memory is low and the kernel is busy exchanging data between disk and swap. However, I tried the following steps, none of the...
Post a Comment
Read More »

Moving Items Along Bezier Curves with CSS Animation (Part 2: Time Warp)

This is a follow-up of my earlier article.  I realized that there is another way of achieving the same effect. This article has lots of nice examples and explanations, the basic idea is to make very simple @keyframe rules, usually just a linear movement, then use timing function to distort the time, such that the motion path becomes the desired curve. I'd like to call it the "time warp" hack. Demo See the Pen Interactive cubic Bezier curve + CSS animation by Lu Wang ( @coolwanglu ) on CodePen . How does it work? Recall that a cubic Bezier curve is defined by this formula : \[B(t) = (1-t)^3P_0+3(1-t)^2tP_1+3(1-t)t^2P_2+t^3P_3,\ 0 \le t \le 1.\] In the 2D case, \(B(t)\) has two coordinates, \(x(t)\) and \(y(t)\). Define \(x_i\) to the be x coordinate of \(P_i\), then we have: \[x(t) = (1-t)^3x_0+3(1-t)^2tx_1+3(1-t)t^2x_2+t^3x_3,\ 0 \le t \le 1.\] So, for our animated element, we want to make sure that the x coordiante (i.e. the "left" CSS property) is \(...
3 comments
Read More »