PasswordPump Passwords Manager

17,968

230

28

About: Electronics projects.

This is v1.0 of the PasswordPump, a USB device that manages credentials for up to 254 accounts. Credentials (account names, usernames and passwords) are stored ONLY on the device itself, on two removable EEprom chips using military grade encryption (AES-128). They are not stored in the cloud or in a file on your computer where they are more exposed to hackers. Credentials are backed up on the device itself; i.e. encrypted credentials are moved from the primary EEprom chip to the backup EEprom on demand. You may remove the EEprom chips from the device (perhaps to keep a third or fourth backup). Credentials are entered either via the rotary encoder (on the left) or via keyboard and serial terminal. The device itself is approximately 1 1/8 x 2 3/4 inches, or 29 x 71 millimeters. Currently it's not housed inside of a case, but it should be and will be once design of the case is complete. A preliminary case design is available here (bottom) and here (top). Once my 3D printer arrives and I assemble it I'll be perfecting the case design.

Features

  • Store up to 254 sets of credentials on a single 25LC256 EEprom chip.
  • Credentials are stored in alphabetical order for easy location. Up to 10 failed attempts to enter the master password are allowed, then an automatic chip wipe and factory reset occurs.
  • All credentials are encrypted with AES128, the master password is hashed with SHA256.
  • All encrypted accounts and the hashed master password are salted.
  • The device is not vulnerable to standard password attacks.
  • Backups on external EEprom are encrypted.
  • All credentials can be dumped into a text file for an additional backup (e.g. to a thumb drive that's stored in a safe or safe deposit box, and encrypted).
  • Entry of credentials is supported via keyboard and serial terminal or rotary encoder.
  • Only one master password, up to 14 characters long, is required to access all of your credentials.
  • Automatic logout after 1 hour of inactivity.
  • Optional password generation, 31 characters of random letters, symbols and numbers, for extremely strong passwords.
  • Configure the display of passwords on the device to be on or off.

Step 1: Understanding Existing Techniques, Projects and Products

I believe that many people still use the technique depicted above for remembering their passwords, i.e. they store them in a notebook or on a Post-It note. This is dangerous for two reasons. Obviously, if someone steals your notebook full of passwords it's game over. The PasswordPump encrypts your passwords and requires the entry of a master password to gain access to all of the other passwords; so if somebody steals it, they still can't get at your passwords. Secondly, people don't always select passwords that are really difficult to guess or even brute force crack with a dictionary attack. One of the best features of the password pump is that it allows you to generate, and it remembers, 31 character passwords that are a random mix of ASCII characters, numbers and symbols.

I think the commercial product that most closely matches with the feature set of the PasswordPump is the Mooltipass Mini Offline Password Keeper; $79.00 before shipping costs at the time of this writing. Mooltipass is different in some significant ways and seems like a nice, mature, open source product that is also built on the ATMega32u4. I have also just recently become aware of an open source password keeper, Memtype, which claims to be "an elegant solution to have your credentials stored everywhere". It looks really cool, and one of the coolest things about it is that it's built on the ATTiny! Finally there is another similar project on this site, The Password Keeper on Arduino Pro Micro, that is an excellent example and even provides a way by which to edit the credentials via a program on your PC. Mooltipass, Memtype or The Password Keeper were not the inspiration for this project, however. The inspiration for this project was the Automated Password Typer. Credentials are hard coded into the Automated Password Typer, however, and there's no way to add new, remove old, or edit existing credentials (aside from modifying the source code, recompiling and re-flashing); and lock bits are not set to protect the credentials. I set out to expand on the idea presented in that project and, 2,000 lines of code later, landed here with the PasswordPump.

Step 2: Acquire Parts

Quantity Description Cost

- 1 Arduino Pro Micro $2.87
- 1 RGB LED 0.02
- 2 Resistors 4.7k ~0.03
- 3 Resistors 220 ~0.04
- 1 Custom PCB 1.10
- 1 Rotary Encoder 0.42
- 1 Knob 0.15
- 1 OLED 128x32 1.64
- 1 Momentary push button 0.01
- 2 25LC256 External EEprom 1.89
*Total Cost of Parts: $8.17

*Remember that you'll need a micro USB to USB cable and a breadboard

Step 3: Make Hardware Connections

The Fritzing diagram is available here. These tables are also available here, where I was able to better format them, which might be more helpful.

Arduino Pro Micro (w/ ATMega32u4 microcontroller)
Data Sheet

Arduino Pro Micro
Pin Number., Name, Arduino, AVR, - Connect To / Notes

  1. TX D1 PD3 - unconnected
  2. RX D0 PD2- unconnected
  3. GND- unconnected
  4. GND- unconnected
  5. SDA D2 PD1 - SSD1306 SDA, 4.7k pullup
  6. SCL D3 PD0 - SSD1306 SCL, 4.7k pullup
  7. A6 D4 PD4 - unconnected
  8. D5 PC6 - unconnected
  9. A7 D6 PD7 - pin 1 backup chip select for 25LC256
  10. D7 PE6 - rotary button
  11. A8 D8 PB4 - rotary pin 2
  12. A9 D9 PB5 - rotary pin 1
  13. A10 D10 PB6 - pin 1 primary chip select for 25LC256
  14. MOSI D16 PB2 - pin 5 primary 25LC256, backup 25LC256
  15. MISO D14 PB3 - pin 2 primary 25LC256, backup 25LC256
  16. SCLK D15 PB1 - pin 6 primary 25LC256, backup 25LC256
  17. A0 D18 PF7- unconnected, must float Used for random # generator
  18. A1 D19 PF6 - red RGB pin
  19. A2 D20 PF5 - green RGB pin
  20. A3 D21 PF4 - blue RGB pin
  21. Vcc (+3V) - positive rail
  22. Reset - reset button
  23. GND - negative ground rail, GND RGB, GND SSD1306, GND encoder button, GND 2 25LC256 chips
  24. RAW (+5V from USB) - unconnected


25LC256 (External EEprom) Tested Part: MICROCHIP - 25LC256-I/P - 256K SPI™ Bus Serial EEPROM DIP8
Data Sheet

1st 25LC256
Number., Name, ConnectTo, Note

  1. CS D10 PB6 - pin 13 promicro Chip Select Input
  2. SO D14 - pin 15 promicro MISO - Serial Data Output
  3. WP VCC - pin 21 promicro Write Protect
  4. Vss GND - pin 23 promicro Ground
  5. SI D16 - pin 14 promicro MOSI - Serial Data Input
  6. SCK D15 - pin 16 promicro SCLK - Serial Clock Input
  7. HOLD VCC - pin 21 promicro Hold Input
  8. Vcc VCC - pin 21 promicro Supply Voltage

2nd 25LC256
Number., Name, ConnectTo, Note

  1. CS D10 PD7 - pin 06 promicro Chip Select Input
  2. SO D14 - pin 15 promicro MISO - Serial Data Output
  3. WP VCC - pin 21 promicro Write Protect
  4. Vss GND - pin 23 promicro Ground
  5. SI D16 - pin 14 promicro MOSI - Serial Data Input
  6. SCK D15 - pin 16 promicro SCLK - Serial Clock Input
  7. HOLD VCC - pin 21 promicro Hold Input
  8. Vcc VCC - pin 21 promicro Supply Voltage

Step 4: Source Code

The source code is found here. It's heavily documented in-line, so I'm not going to go through it line by line here.

I'm certain that there are defects remaining in the program (in fact, all of the defects that I'm aware of are listed in the comments section at the top of the program, along with a list of the defects that I've addressed). Therefore use the product at you own risk.

IMPORTANT: I recommend keeping your secondary EEprom up to date by backing up changes made to the primary EEprom when you add, remove or edit credentials. Then use a third EEprom so that you have two backups of your credentials. On top of that, periodically dump the credentials out to a file that you store in an encrypted file on a thumb drive, and secure the thumb drive in a safe or a safe deposit box. Finally, keep your accounts up to date so that if you need to reset a forgotten password you can do so. This product has not been professionally tested for quality purposes and it's possible that you'll lose your credentials. You have been provided with the source code so that you may correct any defects you find. That said, I've been using the device without incident for a couple of months now, and I am storing all of my credentials on it, with many of them using the generated password feature, so if I lose the device and my backups I'll need to reset my accounts, because there is absolutely no way for me to know what the passwords are at this point. I am also maintaining backups as per my recommendations above.

IMPORTANT DISCLOSURE: Using a supplied encryption library I've endeavored to encrypt all of the credentials that get stored on the external 25LC256 EEprom with AES128 (and hashed the master password, which is stored on internal EEprom with SHA256). I have salted the hashed master password and each set of credentials. This project is the first time I've ever used encryption, and there's been no formal code review, so I could have done it wrong, and the standard disclaimer (buyer beware) applies in this case. I have examined the content of the external EEprom chips (after storing many sets of credentials) using a PC and a CH340 24/25 series EEprom flash BIOS USB programmer and all of the usernames, account names and passwords appear encrypted. However, I am painfully aware that encryption is something that is very easy to do incorrectly, therefore proceed with caution. If you are skilled in this area I would appreciate a code review and some constructive feedback (please contact me directly).

The sketch presently uses 97% of program storage area and 66% of dynamic memory. This makes it extremely difficult to add new features to the product without exchanging them for existing features. There are several new features that I'd like to add but I can't because of the memory restriction. For example, after 1 hour of total inactivity the device times out and you're logged out of it. I would like to make that time period configurable (e.g. you could set it to 2 hours if you like), but I simply don't have the room to add that feature. I think one hour is probably a good compromise, and while at work with the device at my side I periodically turn the rotary encoder a click or two in any direction to push the automatic logout up an hour.

Step 5: Libraries

The following libraries need to be installed in your Arduino IDE if you're going to compile the source code:

- https://rweather.github.io/arduinolibs/index.html... - AES and SHA library, MIT License.

- https://github.com/LennartHennigs/Button2 - Used for the button on the rotary encoder, Copyright (c) 2017 LennartHennigs , MIT License.

- https://github.com/LennartHennigs/Button2 - Used for the rotary encoder, GNU GPL Version 3.

- https://github.com/LennartHennigs/Button2 - Used to send characters to the keyboard as if typed by the user, GNU Lesser General Public License.

- https://github.com/LennartHennigs/Button2 - Used for internal EEprom

- https://github.com/LennartHennigs/Button2 - for SSD1306 display device, Bill Greiman

Step 6: Compiling

Make sure all of the required libraries are installed. Set the board to "Arduino Leonardo". Remember that you'll be uploading via an external programmer, so set that value in Programmer. I use the Pololu USB AVR Programmer.

Step 7: Flashing the Program

I'm using an external programmer to burn the program onto the device. i.e. from the Arduino IDE I"m selecting Sketch-->Upload Using Programmer to send the program to the Atmel ATMega32u4/Arduino Pro Micro. I'm doing this in part because it overwrites the boot loader, and I want to overwrite the boot loader because by doing so I have more space on the device for the program. I don't think the program will fit onto the Pro Micro if the boot loader is present, but I haven't tested this. I also don't think the device will work correctly with the boot loader present for other reasons. Therefore, I use the Pololu USB AVR Programmer for this. I still have to power the device via the USB cable while programming with the external programmer. If you build the device by sourcing the parts on your own or if you build with the kit, be sure to refrain from snipping the header pins after you have soldered the Arduino Pro Micro to the USB board if you want to be able to load the firmware. If you snip the header pins flush with the PCB board there won't be a way to re-program the device; you need to connect VDD, GND, RST, MOSI, MISO, and SCK to the Arduino Pro Micro from your external programmer to flash the program. Instructions for doing this are found here. Rest assured that my initial setting of the lock bits will not prevent you from re-flashing the program. If you want to reset the lock bits after re-flashing the program you can do so. For me the easiest way to do that was to use Atmel Studio and my USB AVRISP XPII. But you don't really need to set the lock bits because the source code is now available to everyone, anyhow. The master password, stored in internal EEprom, is hashed with SHA-256.

Step 8: Operation

To turn the device on you simply plug it into a USB port/receptacle using a micro USB Micro-B plug to USB-A plug cable, the same cable that you'd use to charge an Android phone. The first time you plug it in a driver might need to be installed. The driver is available for download in the source code repository referenced below in the Source Code section.

The first time you power the device on you'll see :

Master Password
March 11 2019 (or the date of the most recent compile)

At this point you'll want to enter your master password. Try to select a master password that you'll be happy with, because if you want to change it you have to Reset the device, and that wipes out all of your credentials. There is only one way to get the credentials back into the device after that, by keying them in via keyboard or rotary encoder. Also try to select a password that can be more quickly entered into the device. It should be a combination of upper and lower case, with numbers and maybe a symbol or two. I like to pick a password that can be typed almost entirely with my left hand, I find they are easier to input via the rotary encoder. You should select a strong password; a combination of letters, upper and lower case, numbers, and special characters, between 7 and 14 characters long. To enter a character turn the rotary encoder until the character appears and then press the rotary encoder down (short click) to select the character. There's presently no way to back up if you make a mistake so be careful (or enhance the code yourself, if you can squeeze it in!). Once the entire master password has been entered long click the device (click down the rotary encoder for more than 1/2 a second). You've just entered the master password and now you're ready to enter a set of credentials.

You move through the menu items by turning the rotary encoder, clockwise to move down the list and counter clockwise to move up. Account names are stored in alphabetical order. To select an item you click down on the rotary encoder (short click). To backup you hold the rotary encoder down for more than a half second (long click).

Adding Credentials
To add a set of credentials via the keyboard you need to open a serial terminal. The one that works best for me is the Arduino serial terminal. So if you open the Arduino IDE go to Tools->Ports and select the Arduino/Genuino Micro port. Then select Tools->Serial Monitor (or Ctl+Shift+M). Next, on your PasswordPump navigate down to Keyboard OFF and change it to Keyboard ON with a short click. Navigate back up to Add Account and short click. You'll see:

Account Name
Add Account

Short click, then switch back to the Arduino Serial Terminal and enter the account name, followed by the return key. Then long click on the Password Pump. You should now see:

Edit Username
[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the username, followed by the return key. Then long click on the Password Pump. You should now see:

Edit Password
[the account name you entered]

Short click again, switch back to the Arduino Serial Terminal and enter the password, followed by the return key. Then long click on the Password Pump. You should now see:

Indicate Style
[the account name you entered]

Short click again and use the rotary encoder to specify either 0 or 1. Specify 0 if, while supplying username and password, the Password Pump should send a carriage return after sending the username and before sending the password. Specify 1 if, while supplying username and password, the Password Pump should send a tab after sending the username and before sending the password. Then long click on the Password Pump. You should now see:

Account Name
[the account name you entered]

Long click again and you'll see:

Find Account
[the account name you entered]

You've finished entering the credentials.

Note that you can also enter credentials using just the rotary encoder. Keyboard can be ON or OFF, it doesn't matter. Simply enter the credentials using the rotary encoder in a fashion similar to how you entered the master password.

Sending Credentials
Navigate to Find Account and short click. Use the rotary encoder to scroll through the list of credentials you've entered. When you've found the account name associated with the credentials you want to send to your computer, place the input focus in the username text box in the window prompting you for credentials on your computer. On the Password Pump you should see:

Send User & Pass
[the account name you selected]

Short click to send the username, a carriage return or a tab character (depending on the style setting), and then the password. If you selected the correct style you should now be logged in to your account / application.

If you only want to send the password to the computer, followed by a carriage return, scroll down once using the rotary encoder until you see:

Send Password
[the account name you entered]

And short click to send the password and the carriage return character.

Similarly you can send just the username or just the account name.

Editing Credentials
To edit a set of existing credentials first decide if you're going to edit the credentials via the keyboard or just the rotary encoder. If you're going to edit the credentials via the keyboard follow the instructions in Toggling Keyboard Entry. Then use Find Account to navigate to the account you want to edit and short click. Then scroll down to Edit Creds and short click. Then scroll to the attribute you want to edit; Account Name, Edit Username, Edit Password, or Indicate Style. Now short click. Use the keyboard to re-enter the attribute in the fashion described in Adding Credentials, or just use the rotary encoder to re-enter the attribute. Then long click to save the change. If you are generating a new password for the account then follow the instructions in Generating a Password.

Deleting Credentials
Make sure you have a current EEprom backup. Navigate to Find Account and short click. Use the rotary encoder to select the account that you want to delete, and short click. Using the rotary encoder scroll down to Delete Acct and short click. Confirm your desire to delete the account by selecting Y with the rotary encoder and short clicking. The account is gone now and it's wiped from the primary EEprom chip. It isn't wiped from the backup EEprom yet, so if you accidentally delete an account, and you have a recent backup, you can restore the backup and the account will reappear. Navigate to Find Account and verify that your account is deleted. If you're not able to scroll through all of your accounts, a intermittently occurring defect has occurred and the linked list that manages the display of all of the accounts is corrupted. Restore the latest backup from EEprom. If you backup the EEprom immediately after deleting the account it is also wiped from the secondary EEprom.

Generating a Password
Read through all of these instructions before attempting to change your password to a new generated password. The most powerful feature of the PasswordPump is it's ability to generate random 31 character passwords and remember them. These passwords are extremely difficult to guess and are not as vulnerable to brute force attempts to break into an account. Before performing this operation you should be sure that you have a current backup of all your credentials. To generate a password for an account simply find the account via Find Account and select the credentials by short clicking on the account name. In your application on your computer navigate to the change password feature and place input focus in the Old Password text box. On the PasswordPump navigate to Send Password (NOT Send Password ) and short click. In your application on your computer place input focus in the new password text box by hitting the key. In the PasswordPump scroll down to Edit Creds and short click, then scroll down to Gen Password and short click. This changes the password to a randomly generated series of 31 characters. Now long click once, navigate to Send Password (NOT Send Password ) and short click. If you need to confirm the new password then place input focus on that text box in the application on your computer and short click again. Confirm your password change by hitting the return key or otherwise clicking on the appropriate button. You now have a random 31 character password on the account, and the only place where that password exists is on the encrypted EEprom chip on your PasswordPump. At this point it's a good idea to Backup to EEprom and Backup to a File, and to be sure that you can somehow recover from a lost password on that account. Warning: If the attempt to change your password fails because the old password is not accepted be aware that you have just overwritten the old password with your new generated password. To restore the old password you'll need to either Restore a Backup from EEprom and try again, or go to the encrypted backup file on your thumb drive to get the current password for the account, or recover the password from the account using whatever mechanism is available to you via the application or web site. Think ahead and be careful so that you don't lock yourself out of your account!

Logging Out
When you want to log out of the device navigate to Logout using the rotary encoder and short click. The RGB led changes from green to blue. You're now logged out and must enter the master password again in order to use the device. If you're walking away from your computer to get coffee it's good practice to lock your computer and logout of the PasswordPump.

Toggling Keyboard Entry
Navigate to Keyboard ON/OFF. Short click to toggle the setting. When the keyboard is on you may enter credentials via the keyboard using the process described in Adding Credentials. Keep the keyboard set to OFF when you're not entering credentials. This setting is not saved when the device powers off and the default is Keyboard OFF.

Showing/Hiding Passwords
Using the rotary encoder navigate to Show Psswrd ON/OFF. Short click to toggle the setting. This setting is saved when you log out and power down the device.

Backing Up to EEprom
On the Password Pump navigate to Backup EEprom using the rotary encoder. Short click, then confirm that you want to backup from the primary EEprom to the secondary EEprom by selecting Y with the rotary encoder and short clicking. The RGB will be yellow while the backup is taking place, and then change back to green.

Back Up to a File
On the PasswordPump navigate to Backup to File using the rotary encoder. On your computer open a text editor (one without an autocomplete feature), notepad.exe works best, and place input focus inside the text editor. Personally I use UltraEdit because it has built in encryption. Then short click on Backup to File. The contents of the primary EEprom chip (all of the credentials stored in the PasswordPump) are dumped into the text editor. The RGB led turns purple, then to green when the operation is complete. It's best to encrypt this file by zipping it up with a password using WinZip or similar, and storing it on a thumb drive that you can, in turn, store in a safe or safe deposit box. Delete the original file from your computer and empty the trash. Keep this file up to date by periodically executing this operation. I carry the encrypted file with me on a thumb drive that is securely attached to my key ring, and I keep a backup of that file elsewhere.

Restore a Backup from EEprom
If you decide that you want to restore the EEprom backup (or, in other words, have the contents of the secondary, backup EEprom overwrite the contents of the primary EEprom), then navigate to Restore Backup on the PasswordPump. Short click and confirm the operation by selecting Y with the rotary encoder and short clicking. The RGB led will turn yellow until the operation is complete, then it changes back to green.

Performing a Factory Reset
You want to wipe out all of the encrypted credentials on the primary EEprom and factory reset the device. On the PasswordPump navigate all the way down to Reset using the rotary encoder. Short click. Confirm that you want to factory reset the device and clear all of the credentials and the master password by selecting Y with the rotary encoder and short clicking. The RGB will flash blue and red slow and then fast while the device is factory resetting, then change to blue. At this point you can enter a new master password. Note that a Factory Reset doesn't wipe out the credentials stored on the backup EEprom. If you use the same master password you'll be able to restore the backup and see the credentials. If you want to wipe out the backup EEprom as well, select Backup EEprom after you've entered your new master password, or swap the position of the primary and backup EEprom chips and perform another factory reset.

Step 9: Understanding the RGB Colors

  • Green - Logged in
  • Blue - Not logged in
  • Red - Failed login attempt Error backing up or initializing EEprom
  • Purple - Sending creds
  • Yellow - Backing up to EEprom
  • Fast Flash Red / Blue - Initializing external EEprom
  • Slow flash Red / Blue - Initializing internal EEprom

Step 10: Move It All to a PCB

This is the PCB I designed for the PasswordPump. The design files are available with the source code if you're interested in ordering your own. This is the first project I've ever designed with a PCB board, so feedback from the experienced is welcome. I would like to make the device smaller, so any advice toward that end is appreciated.

Step 11: PCB Assembly

Assembly should be fairly obvious. Guidelines are provided below. If you have any questions send me an email (dan-murphy@comcast.net) before proceeding and I'll answer your question and update this site.

1) S2 - momentary push button, the reset button, solder onto the BACK SIDE of the PCB so that it is accessible after the Pro Micro is soldered to the board. Make sure that the orientation of the push button is correct. See the picture above.

2) R1,R2, R3 - 220 ohm resistors, solder these into place.

3) R4, R5 - 4.7k ohm resistors, solder these into place.

4) RGB - RGB LED, the longest pin on the RGB is ground. It is the third hole from the left or the second hole from the right. It's connecting trace is on the bottom of the PCB, while all others are on the top. Take care not to bridge the solder between the traces when soldering the leads. This is the most difficult part of the assembly. Some de-soldering skills might be necessary to remove any bridges you accidentally create. Use the continuity function on your multimeter to ensure that there are no bridges before proceeding.

5) U1 (label occluded), U2 -solder 2 IC DIP sockets into place. The notches in the sockets should face the bottom of the board (when standing the board on end). The notches or dimples in the 25LC256 chips will face the Pro Micro. See the picture at the very top of this blog.

6) ARD1 - after soldering male headers to the Pro Micro (use a breadboard, or the custom PCB itself, when soldering the headers in place to keep the headers precisely aligned, otherwise the Pro Micro will not fit into the custom PCB), solder the Pro Micro in place with the micro USB port facing the bottom of the PCB as per the picture at the top of the page. Don't solder the Pro Micro into place until after the momentary push button is soldered in place. After soldering the Pro Micro into place DO NOT snip the leads flush to the PCB, otherwise you'll never be able to re-flash the program.

7) RE1 - Rotary encoder. The two leads of the rotary encoder that are meant to more securely fasten the encoder to the PCB need to either be thinned out or snipped off entirely; the holes are too small and misaligned. The next version of the PCB I send out for manufacturing will have this problem solved. Apologies.

8) The last soldering step is to solder male headers to the OLED 128x32, and to then solder the OLED 128x32 to the PCB so that it hangs over the Pro Micro. The male headers should be just long enough to accomplish this. I use an elastic to keep the display in place, and the leads penetrating the holes in the PCB so that they are just flush with the back side of the PCB, almost poking all the way through, and there is just enough of a lead there to solder to the PCB.

9) Insert the knob onto the rotary encoder. If you ever need to remove the knob take care not to rip the rotary encoder off of the PCB.

10) Being careful not to bend the pins, insert both 25LC256 ICs into the dip sockets (with the dimples closest to the Pro Micro, see the picture at the top of this blog).

11) Plug the male end of a micro USB cable into the Pro Micro, and plug the other end into a USB port on your computer. Drivers will most likely be automatically installed. If not they are available on GitHub. Your PasswordPump should display:

PasswordPump
March 11 2019

then, three seconds later:

Master Password
March 11 2019

Click the rotary encoder down once and enter the master password you've selected. See the directions under Operation.

Step 12: Future

I'm currently constrained by the amount of flash memory available to me in the ATMega32u4, 32k. All of the space is consumed by the program. If I had more room I could add additional features. In particular, I'm interested in writing GUI that would run on the computer that would interface cleanly with the PasswordPump.

Using a Arduino serial terminal to add credentials is awkward at best, but I think more memory would be required to rectify the situation. I'd also like to have more EEprom room so that 64 bytes could be used for usernames, passwords and account names. Additionally I think it would be better to use AES-256 for encryption. A device that might meet all of these requirements is the Adafruit ItsyBitsy M4 Express with ATSAMD51; here are some of the advertised features from the web site:

  • Cortex M4 processor running at 120 MHz
  • 512KB Flash (16 times bigger than the Atmel ATmega 32u4)
  • 1.4" long by 0.7" wide (smaller than the Pro Micro)
  • 2MB of SPI Flash (compared with 64k from the two 25LC256 chips)
  • Native hardware I2C and Serial (to interface with the SSD1306 display)
  • Built in crypto engine with AES, 256 bit (to replace the encryption library)
  • Native USB supported by every OS (to send credentials like a keyboard)
  • Can be used with Arduino IDE
  • Built in RGB DotStar LED (to replace the RGB on the PasswordPump)
  • Reset button
  • Power with USB

On the downside some of the libraries I've used for v1 of the PasswordPump will not work with the ItsyBitsy; the keyboard library in particular will be a problem as well as the library for the SSD1306. The other libraries could be tossed and code would more easily be written to accommodate the associated functionality. The biggest con is the price of the ItsyBitsy, at $14.95 it would triple the cost of producing a PasswordPump.

Step 13: Initial Versions of the Password Pump

Above are pictures of the first three prototypes for the PasswordPump.

Pocket Sized Contest

Second Prize in the
Pocket Sized Contest

Share

    Recommendations

    • Backyard Contest

      Backyard Contest
    • Beauty Tips Contest

      Beauty Tips Contest
    • Growing Beyond Earth Maker Contest

      Growing Beyond Earth Maker Contest

    28 Discussions

    0
    None
    n4mwd

    Question 3 months ago

    How do the passwords get from the device into a web browser?

    9 answers
    0
    None
    MJDYn4mwd

    Answer 3 months ago

    This cool device works as keyboard. So it types.

    0
    None
    yknivagMJDY

    Reply 3 months ago

    My apologies, I had clearly mis-read part of your write-up. I was definitely left under the impression after the first read that you were hashing all the passwords, which was why I too wondered how they were being output.

    Having read the write-up again (at a much more reasonable hour of the day) and looked in more detail at the code, it is clear it was me who was mistaken. Please accept my apologies.

    Having re-read and reviewed the code I think I may actually make one of these - it's the first time I have come across a tutorial for a project like this which is even remotely secure and is to be commended. The very fact that you have 128bit encryption running on an 8bit processor with so little RAM is fascinating.

    Thank you for your speedy engagement and once again I'm sorry for the confusion.

    0
    None
    seawarrior181n4mwd

    Reply 3 months ago

    The device is basically a keyboard. Take a look at the Keyboard library referenced in the Instructable.

    0
    None
    yknivagseawarrior181

    Reply 3 months ago

    If the password is "typed" into the application then the device must be able to access the password in plain text. Which means you haven't hashed the password, you may have encoded or encrypted it but you haven't hashed it.

    Were the password genuinely hashed you would no longer be able to retrieve the password in order to enter it into the application.

    0
    None
    seawarrior181yknivag

    Reply 3 months ago

    Respectfully, you're mistaken yknivag. Kindly read the source code : https://github.com/seawarrior181/PasswordPump/blob/master/PasswordPump_13.ino.

    The plain text of the hashed password IS retrieved, from the BRAIN of the USER, every time it is entered via the rotary encoder. The master password exists only in the users mind. The plain text master password is NEVER stored in EEprom.

    More Detail:
    The first time the device is powered up the user enters his/her master password into the device. It is then hashed using SHA-256 and that hashed version of the master password is stored in EEprom on the ATMega32u4, and it is also stored (unhashed) in volatile memory in RAM in a variable. When the device is powered off the only version of the master password that's stored is the hashed master password in EEprom on the chip. When the device is powered on again the user enters the master password via the rotary encoder and it is stored in volatile memory in a variable in RAM and hashed, and the hash is compared against the stored hash (from EEprom) of the master password. If they match then access to the device is granted. At this point in time the hashed password is naturally still stored in EEprom on the chip and the plain text master password is in RAM in a variable in volatile memory. The plain text master password stored in a variable in RAM is used (in combination with salt) to encrypt and decrypt, using AES-128, the account names, usernames and passwords that are stored in EEprom on the 25LC256. When the device is powered off, again, the only version of the master password that is stored (outside of the brain of the user) the hashed master password, which, of course, is NOT the key to all of the other creds stored on the device; the key to all of the other creds stored on the device is the plain text master password, which disappears when you power off the device (except from the brain of the user). The only way to get the master password off of the device is to somehow steal the device, circumvent the lock bits set on the ATMega32u4 (which means opening the chip with a putty knife in the garage and somehow reading the state of the transistors with a microscope) to obtain the HASHED version of the master password, and then to find and employ the processing power and time needed to crack SHA-256. It would probably be easier, after you've stolen the device, to try to break AES-128 by going directly after the encrypted credentials on the 25LC256.

    Let me know if that doesn't address your concerns.

    0
    None
    yknivagseawarrior181

    Reply 3 months ago

    I don't doubt that you hash the MASTER password. But you CANNOT be hashing the individual passwords of the credentials you're storing.

    Hashing is, by definition, a ONE-WAY ticket. You cannot "un-hash" (at least not mathematically and not with an un-broken technique). If you don't understand hashing and why you cannot be doing it for the stored credentials, take a look at https://learncryptography.com/hash-functions/why-are-hashes-irreversible

    You may be encrypting the usernames and passwords for the stored credentials but that is not the same as hashing them.

    Were all the stored passwords HASHED then you would never be able to get the plain text credentials back to enter them via the virtual keyboard.

    If you truly believe that all the passwords (not just the master) are hashed then I would really like to see the code you have for reversing the hash!

    0
    None
    n4mwdyknivag

    Reply 3 months ago

    I think you might be confusing a password with a key. He is using a master password to generate a hash which becomes the key to an AES encrypted web page password.

    The part about this being a keyboard emulator bugs me. That says that wherever the cursor happens to be, the password will print out. It also says that there is no protection from keystroke loggers.

    It does have the advantage of being transportable to other machines, but for single machines, Firefox password manger is hard to beat. Maybe if it had some kind of hook into Firefox so that you could just plug it in and Firefox would contact it for the passwords.

    0
    None
    seawarrior181n4mwd

    Reply 3 months ago

    n4mwd, the hashed master password is not the key that's used with the AES-128 encryption. The plain text master password, plus a different salt for each set of credentials, is the key that's used with AES-128. It is only ever stored in volatile memory, after having been input by the user when the device is powered up. The hashed password serves only one purpose; to authenticate the user to the PasswordPump.

    There is no protection from keystroke loggers. But if you've ever used your keyboard to enter a password, you've got that problem anyhow.

    0
    None
    seawarrior181yknivag

    Reply 3 months ago

    yknivag, you are still confused. Carefully read what I have written. I do not hash the credentials (account names, user names and password). Can you point out where I claim to do so? Only the master password is hashed. Credentials are encrypted. Take a look at the source code, that will clear you up.

    0
    None
    Mic100

    3 months ago

    Hi
    very interesting job, a very good idea, thank you for this Instructable :)

    1 reply
    0
    None
    seawarrior181Mic100

    Reply 3 months ago

    Your welcome! Thanks for reading and the kind words.

    0
    None
    LászlóG7

    3 months ago

    Is it possible to use 25LC512 or 25LC1024 eeprom(s) for more credentials space?

    1 reply
    0
    None
    seawarrior181LászlóG7

    Reply 3 months ago

    Yes, with some minor adjustments to the defines (pre-compiler directives) in the source code. How many sets of creds do you need to accommodate? 254 seems like plenty.

    See the source here: https://github.com/seawarrior181/PasswordPump/blob/master/PasswordPump_13.ino, lines 456 - 490. You can probably get away with just changing line 459:
    #define MAX_AVAIL_ADDR 0x7FFF // 32,767. 25LC256 = 256kbits capacity.
    to
    #define MAX_AVAIL_ADDR 0xFFFF // 65,535. 25LC516 = 512kbits capacity.
    0
    None
    seawarrior181old_sailor

    Answer 3 months ago

    1
    None
    Willyd57

    3 months ago

    I'm wondering how easy (or hard) it would be to build this on a raspberry Pi zero. That way you would have an OS (Linux) so you could add the code to have it enter passwords automagicly for you. I have done a fair amount of programming, but never anything that could do that sort of thing.... Hmmmm.

    3 replies
    0
    None
    seawarrior181Willyd57

    Reply 3 months ago

    It's definitely possible to build a similar project with a Raspi zero. I'm not sure I understand your comment 'you could add the code to have it enter passwords automagically'... do you mean to say that the product would automatically recognize the website you're on (or the application to which you are supplying your creds), and then automatically find and enter those creds for you?

    0
    None
    Willyd57seawarrior181

    Reply 3 months ago

    That is exactly what I mean. The password manager I use on my desktop does that for me and it is ultra convenient. Not sure how to go about writing the code for that so it would have to be researched to find out if that would be possible to do that while connected via usb (or wifi ??). Just a thought really.

    0
    None
    seawarrior181Willyd57

    Reply 3 months ago

    I believe you'd need some software running on your desktop (a piece that recognizes the web site or application you're trying to authenticate against) that communicates with the device before the device can send back the appropriate creds.