Passwordspark - Digispark Pwd Generator

[Dennis]

Hey everyone,

I'm working on a CSPRNG (cryptographically secure pseudo-random number generator) for the Digispark. At the moment I do some testing on measuring random data with my UNO.
My project is still at the beginning, but I'd like to give you some information on how my CSPRNG will be working.

1. Measure (more or less) random data with the Digispark. (Unfortunately the analog inputs noise (without sensors attached) seems to be pretty deterministic. So I have to consider another solution.)
2. Using the "random" data as an input for some cryptographic functions. My Beta1 will be using an improved Version of RC4 (which is often used as a CSPRNG). I will have a pretty detailed look on RC4 in this environment and maybe use another algorithm in later releases.
3. After calculating a new key the Digispark will act like a keyboard and type the key into any typing field you want. This is where I need your help. Unfortunately the example keyboard libraries are not working in my UNO. Does anyone who know how I get my UNO to act like a keyboard?

Dennis

ps. To achieve Kerckhoffs principle I'll publish my source code once the detailed testing is done.

[bart]

Hi Dennis,
I\'m planning to do a similar thing after seeing http://youtu.be/kpNSycoUCZM (you should be able to build this with a digispark).
Getting the caps-lock info should not be to hard ( http://youtu.be/jOUbEna4lNs ) so taking time in between key-presses should give me enough random input.
/Bart

[sparr]

bart, be sure to look into the specs on keyboard state propagation... there might be a max update speed, which would introduce granularity and reduce randomness in your data collection.

[Dennis]

Hey Bart,

I decided not to use key-board pressing as an input since it is extremely deterministic. But how do I get my UNO to write sometime like a keyboard?

[digistump]

Dennis - check this out for how to make the uno act like a keyboard: http://mitchtech.net/arduino-usb-hid-keyboard/

[bart]

@Dennis - I look forward seeing your project!
@digistump - nice one! have hot seen that one before!

my \"Arduino + keyboard\" links:
http://arduino.cc/en/Tutorial/KeyboardMessage (Leonardo only? not UNO?)
http://www.arduino.cc/cgi-bin/yabb2/YaBB.pl?num=1226896251/ (\"analog\" keyboard)

[MichaelMeissner]

Quoting from the Leonardo blurb: \"The Leonardo differs from all preceding boards in that the ATmega32u4 has built-in USB communication, eliminating the need for a secondary processor. This allows the Leonardo to appear to a connected computer as a mouse and keyboard, in addition to a virtual (CDC) serial / COM port.\"

[bart]

@Michael: ok for ATmega32u4, but this site
http://codeandlife.com/2012/03/03/diy-usb-password-generator/ shows that it is also possible with an ATtiny85
What brings me to the next question: in the 2k boot code, is there anything foreseen for a usb-keyboard?

[Dennis]

@sparr: Yes, the keyboard sketches are \"Leonardo only\".
@Erik: Thank you. I\'ll have a closer look at this page.

Project update:
Today I got some sensors. Unfortunately they provide pretty accurate data. I need to find another way to achieve a random input. Maybe I\'ll have a closer look at measuring the noise of an ADC channel with no wires attached.

[Dennis]

https://www.sparkfun.com/products/10742
This would be a pretty good source for true random numbers, but a way too expensive. :-)

[sparr]

Perhaps instead of timing a capslock doubletap you could time from startup to the first capslock tap, then between pairs of taps?

[Dennis]

@sparr: I\'ll have a look at that.

Project update:
I decided to keep my current circuit. Without using them as an RNG, but to add some temperature- and light-dependent inputs. Which means, that even if you are able to recover the random input, you have to run the Arduino under the same conditions (light and temp) to get the same key.

Here is my beta circuit diagram (nothing new for experienced Arduino fans, but maybe interesting for newcomers):

[crabbypup]

you could make data more random by adding a digital compass and/or a barometric pressure sensor.
or make a very high-gain antenna and use an OP-AMP to turn EMI into pseudo randomized binary.

[Dennis]

@crabbypup: Unfortunately I don\'t have such sensors. But I\'ll buy more sensors in the future.

Project update:
My current algorithm works pretty well. Next step will be using RC4 for better statistics.

[mgrennan]

I\'m going to work with the ATSHA204 (www.sparkfun.com/products/11551) and create Yubikey (yubico.com).   It\'s features are:

Runs on 2.0-5.5V
Integrated capability for both host and client operations Superior SHA-256 hash algorithm, HMAC option Best-in-class, 256-bit key length; storage for up to 16 keys
Guaranteed unique 72-bit serial number Internal, high-quality Random Number Generator (RNG) 4.5-Kbit EEPROM for keys and data 512 OTP (One Time Programmable) bits for fixed information.

The idea will be to create a crypto pair.  You carry one.  To use it, you plugin the \"Public\" device, touch it, and it will type a one time password that only it\'s \"Private\" device can de-crypt.

This could also be used as part of authentication control lines to remote equipment like radio transmitters or manufacturing equipment.  A ATSHA204 could be wired into a laptop or a software only version could be coded into ... ? The BIOS so only the \"Public\" key could decrypt the hard disk?  I guess I said it all with OTP.