Hardware password manager?

[DejayRezme]

I have more than 100 passwords for different sites and accounts that I keep in a software password manager. If my computer is ever compromised all passwords become compromised.

Can the Solo2 work as a hardware password manager and store up to 200 accounts / passwords on the device and only send them if needed and confirmed by a hardware button?

[tERyceNzAchE]

No.

[nickray]

Not currently.

I think the way most password managers work is wrong though (user does "something", then password manager decrypts All The Passwords into memory). It would be great if they at least just decrypted single passwords on-demand (e.g. after a FIDO2 hmac-secret challenge-reponse to the hardware key (cf. #23), or the key itself decrypts), and you could backup the encrypted versions to the cloud.

If you want to actually store the passwords themselves on the key, then:

• you need a backup story (no good if you lose the key; which other keys if any should get copies of the data, encrypted with which key-encryption-key), this is conceptually HSM territory
• you need custom companion apps on desktop/mobile, and a communication protocol

So I think this gets involved pretty quickly, and is out of scope for the near future. We generally try to innovate yet stay close to existing standards (not bundle up fully custom end-to-end solutions).

Since FIDO2 uptake is so slow though, I do also think there's need + room for some interesting innovation in the personal password management area - hope SoloKeys will be involved!

[DejayRezme]

Thanks. Does the hardware of the solo2 offer enough storage space to store passwords? Could this be added with the hacker version and a companion app?

And yes, "HSM" and encrypted backup is what I would want. While looking into this, I've found lots of discussions about hardware security and the like, but what is actually lacking is a small, cheap, easy to use hardware password manager that can't be hacked via the internet. And an open standard to make it easy to use. Most people still use the same password for many different services. And software password managers are only as secure as the OS and software of the host computer. And my banks and paypal don't seem to support any of this u2f or fido2. If you are looking for "harm reduction" then hardware security is really somewhat tertiary.

Sorry for ranting. I's just that it's 2021 and this annoys me. I guess this is either how "the powers that be" want it. Or hanlon's razor.

[nickray]

Yeah, we have 119.5K internal flash (works over USB+NFC) and 2M external flash (USB only). So if you don't need NFC, I think that should be more than enough.

HSM is clearly on our longer term roadmap (if more from a "roll your own enterprise CA" perspective). Super preliminary plan would involve discoverable PKCS#15 for files, so you'd likely then be easily able to map passwords onto generic data PKCS#11 data objects. With some generic PIN / security indicator setup that would end up pretty standards-based, and the companion app could be built quite generically. The juicier part (and what distinguishes HSM from smartcard in my view) is how to do the encrypted backup/recovery. We'd want something eminently modern, usable, and safe. But as you can tell, this is quite a ways off.

[My1]

@nickray you could maybe take a look at trezor's password manager stuff.
it basically decrypts the metadata first and the passwords on demand if I remember correctly

[kimusan]

I think you would have to go for one of the hardware keys dedicated for this or alternatively use a software password manager and then use the solokey as 2FA for it.
I personally use the OnlyKey hardware key for my passwords as it is the only one that does not work like nick mention where the entire password storage is loaded into memory. It is however limited to something like 16 passwords/2FA/yubikey/OTA tasks

[patrickhanft]

It's not really a hardware password manager solution, but what I currently do (with a Yubikey and hope to be able to do with the Solo v2 as well¹) is use the "pass" (default UNIX) password manager with an OpenPGP key that is securely stored on my Yubikey. In this way, the secret key is never present on the device itself, that uses the password manager, while the passwords are in encrypted form.

But as this solution also works with my Android phone using a private git repository for synchronisation. Whenever I need a password, I need to tap the Yubikey to the phone, however, but I can also be sure, that passwords are secure on a largely not too trustworthy mobile platform.

Main issue in my setup is, that obviously there doesn't seem to be a great solution for Windows, if that is your preferred desktop platform, but I have not explored these options intensively.

A short overview how that would work with a Yubikey can be found here (not written by me): https://blog.filippo.io/touch-to-operate-password-store-yubikey-4/

¹I will still need to explore what supporting only PIV instead of OpenPGP for the moment means for this setup.

[nickray]

Since you're bringing up Filo... There are forks of pass called passage, which use his age encryption tool to replace GPG. Just the other day, we all got excited about adding X25519-via-PIV-on-Solo, which would make Solo a native recipient for age (via the Rust implementation, rage): https://twitter.com/nickraystalder/status/1354221128936542210.

[DejayRezme]

Thanks. And sorry if I come off as annoyed or critical (or maybe I'm just too uneducated and come off as stupid haha). I really like what you are doing and support what you are doing.

I trust my android phone even less than I trust my windows system. I mean the common and affordable android phones all come with branded and modded android and are probably configured to be data distribution and sharing nodes for your personal data. And also surely massively backdoored by one or more of the security services around the world. Plus it's a second super-complex system that you can never be sure to "verify". To be useful as a tool you want to install various questionable software on your smartphone so I see it more like a kind of dirty tool that you can't really keep in pristine condition.

Even linux, I have never tried since I'm more or less bound to windows, but I imagine even keeping a secure linux system requires significant costs in terms of effort and loss of ease of use and choice of software you can install. But why use a complex OS for a task that a simple, single threaded MCU program can do?

So as soon as one of those highly complex OS systems is compromised even temporarily, sending your PGP key to decrypt the password storage makes all your passwords unsecure / stolen (if I understand this correctly). Not that I ever expect such a sophisticated attack, but this is what I'd think of some wide spread exploit or malware would do. Steal my passwords.

So in this case, why would I ever need a hardware key? If I could trust my PC I can use a good password and don't need a hardware key.

Compared to that, keeping all my passwords on any kind of arduino MCU (e.g. macros on an arduino based keyboard with QMK firmware) even non-encrypted would be infinitely better. As long as I can limit physical access or have even basic protection against accidental loss and snooping. If I use one password on a compromised machine, at least I know I only compromised that one password, not all of them.

I assume the usefulness and the market for these types of keys is mostly in securing a few services like google mail or security for small businesses or access to your own web server or OS login.

But to the security needs of an average joe PC user there seems to be no good solution on the market that costs less than 50 bucks. And that kind of annoys me. It's 2021, there should be a solution for this for less than 5 bucks and children in primary school should be thought how to use it. But maybe there is just no market / no money for improving personal data security.

PS: Again, sorry for ranting

[patrickhanft]

… sending your PGP key to decrypt the password storage makes all your passwords unsecure / stolen …

The PGP key never leaves the hardware key. Instead, every cyphertext that needs decryption (the encrypted password), needs to be sent to the hardware key to be decrypted and as you can configure your hardware key to only decrypt on touch, even on a compromised device it is far from trivial to steal your passwords, because you as user would need to physically confirm each password decryption. So it is just the same: Only one password can be be compromised at a time.

PS: Again, sorry for ranting

No problem at all! I hope it helps to grasp the concepts!

But maybe I did miss some of the concerns you have?

[DejayRezme]

Ah I see, thanks. Yeah that is a good option for encrypting / decrypting things on hardware without exposing any key.