I am currently working on a hardware project that will utilize the native USB and keyboard emulation capabilities of the Teensy device. Essentially, the user will store an encrypted password database on a mounted SD card that the Teensy will read and send to the host computer. This prevents the requirement of storing passwords in browsers, or certain managers.
However, I’m having a very hard time finding a secure way of encrypting it.
As of right now, I’m using the SHA256 hash value of the pin code as the AES-256 key.
Pin Code – I am currently using a 4×4 matrix keypad to allow the user to enter a pin code immediately after the device boots up. The available pins for the passcode are (14 characters):
0 1 2 3 4 5 6 7 8 9 A B C DThis limited keyspace means that passwords need to be much longer in order to maintain the same amount of security. Otherwise, this is my favorite option. It also allows me to use the keypad for navigation. Adding a salt would better, but exhausting the entire keyspace is very fast.
Fingerprint – This is a neat idea that could potentially be leveraged to allow different users to share a single hardware device. However, this doesn’t aid in encryption. I don’t know of any implementation of a symmetric encryption algorithm using a fingerprint, or a direct derivative thereof, as a key.
YubiKey – This isn’t necessarily a bad option, as it would provide a secure way of handling encryption/decryption of such devices, but that means it requires additional hardware for users. Also, I actually planned on implementing the Yubikey emulation library so the device could, itself, be used as a YubiKey.
Is there a feasible way? Or is this project flawed from the start?