Hardware Password Keeper

Note: as a part of this class I created a formal report of the project elements and my thought process—it describes the technical aspects of the project in much greater depth than this post will. In particular, the “demo” secion (see table of contents in the PDF) provides a thorough overview of the device’s features. The code I wrote can be viewed in the PDF or in the Github repository for this project.

Despite being sent home in the middle of the semester due to COVID-19, one class I took in the spring of my sophomore year (6.115 Microcomputer Project Laboratory), involved a hands-on final project. While options were limited due to lack of access to lab space, we were sent home with a few Cypress PSoC microcontrollers and tasked with building something.

I’ve been pestering my family and friends to get a password manager for years (I like Bitwarden personally). So far, I don’t think I’ve managed to convince a single person, but one argument they made stuck out to me—many people can’t install special software, like a password manager, on their work or other computer without jumping through hoops. With this in mind, and in an effort to learn more about encryption, communication protocols such as USB, I2C, and SPI, and bridging the gap between users and hardware, I built a hardware password keeper for my final project.

When initially designing this project, I kept one main thing in mind: it should not rely on software that I write for the host PC, and should at most require preinstalled drivers and maybe a piece of generic software. With this goal in mind, I chose to build my password keeper to emulate a standard USB keyboard using the HID protocol. Entering passwords onto the device would be a bit trickier, but since this was a rarer task I decided to build a standard UART-over-USB interface with the host PC, so the user could use the terminal of their choice to add records to the device’s storage.

In building this project, I learned in depth about interactions with peripherals, considerations for building a robust system, data structure design, user interface design, cryptography (including time-based one-time-passwords), and more. While the system I made certainly has improvements that could be made, I believe that I build a user-friendly device that meets the goals I started the project with: it allows the user to save and retrieve passwords with very little additional software, and none that is specific to this device.

Check out the formal report and the Github repository for more information.