|
|
@@ -2,20 +2,28 @@
|
|
|
|
|
|
Motenpoche ([mot-ɑ̃-pɔʃ] - like in *"Mot en poche"*, French for "word in [your] pocket")
|
|
|
is a physical password vault to carry around your secrets securely. Once connected
|
|
|
-to a PC and unlocked with a main passphrase and it will automatically paste
|
|
|
-passwords selected from your collection.
|
|
|
+to a PC and unlocked with a main passphrase it will paste passwords selected from
|
|
|
+your collection by pressing a button.
|
|
|
|
|
|
Passwords can be provisioned with the help of a host-side command line tool that
|
|
|
-can be run on a GNU/Linux PC.
|
|
|
+can be run on a GNU/Linux PC, either one by one or importing from an existing
|
|
|
+(software) vault.
|
|
|
|
|
|
## Status
|
|
|
|
|
|
This project is still in an early alpha phase and has not been properly tested yet.
|
|
|
-Use at your own risk, no guarantee provided on loss of secret information, service
|
|
|
-profiles, bank details or other relevant information. The author and the
|
|
|
-contributors recommends not to use this software for any purpose rather than
|
|
|
-security auditing, research and study, and they cannot be held responsible or any
|
|
|
-damage of any kind resulting from any proper or improper use.
|
|
|
+
|
|
|
+There are in particular, the following known security issues:
|
|
|
+
|
|
|
+- No proper string boundary check
|
|
|
+- No proper serial protocol hardening
|
|
|
+- Incomplete password wiping from memory after use
|
|
|
+
|
|
|
+Use at your own risk, no guarantee provided on loss of secret data, service
|
|
|
+profiles, bank details or other relevant information that have been stored on the
|
|
|
+device. The author and the contributors recommend not to use this software for any
|
|
|
+purpose other than security auditing, research and study, and they cannot be held
|
|
|
+responsible or any damage of any kind resulting from any proper or improper use.
|
|
|
|
|
|
## Software License
|
|
|
|
|
|
@@ -32,6 +40,8 @@ my password database if I want to access services when I'm abroad.
|
|
|
This system was created to have a temporary physical storage that can be carried
|
|
|
around (and lost, or forgotten on a public transportation...) with reduced risk.
|
|
|
|
|
|
+More features may be available in the future based on user experience.
|
|
|
+
|
|
|
## Hardware design
|
|
|
|
|
|
The design is based on the rp2040 "Raspberry Pi Pico" board, with a few components
|
|
|
@@ -61,7 +71,6 @@ software in this repository:
|
|
|
| GPIO26 | FUNC\_I2C | I2C Display SDA | none (automatic pull-up) |
|
|
|
| GPIO27 | FUNC\_I2C | I2C Display SCL | none (automatic pull-up) |
|
|
|
|
|
|
-
|
|
|
## How it works
|
|
|
|
|
|
The siple idea behind it is that the device does not carry any secret in plain
|
|
|
@@ -70,11 +79,11 @@ unique keys created when the device is initialized.
|
|
|
The encryption key is symmetrical (ChaCha) and can be derived on board using the
|
|
|
main passphrase, which is entered through the rotary and the confirm button.
|
|
|
|
|
|
-The signature key (Ecc256) is created during device initialization on the PC. The
|
|
|
-key is used to sign the passwords to be added to the vault.
|
|
|
+The signature key (ECC256) is created during device initialization on the PC that
|
|
|
+holds it. The key is then used to sign the passwords to be added to the vault.
|
|
|
|
|
|
-Passwords can be provisioned using the host tool, either manually or importing
|
|
|
-them from a CSV file, previously exported from e.g. a software password manager
|
|
|
+Passwords can be provisioned using the host tool, either one by one, or importing
|
|
|
+from a CSV file previously exported from, e.g. a software password manager
|
|
|
or a web browser.
|
|
|
|
|
|
When the device is unlocked, selecting the service needed from the "Services" menu
|
Daniele Lacamera