#109 [Plugin Idea] USB device as the key

open
nobody
5
2009-09-10
2004-07-01
Daevid Vincent
No

There is a unique identifier in every USB device (like a
GUID). It would be nice to use a _USB device_ as the
key. So for example, I have to have my USB drive
plugged into my machine for KeePass to work, or it can
even be used with a USB mouse or whatever.

On linux, my friend has this setup where nobody can
login or type on the keyboard without his exact USB
dongle connected.

I think this should be useable AS the key, or also in
combination with other mechanizms. For example, I keep
the .key file on my dongle, but it would be great if I had
to have that exact dongle too. Is this making sense?

Discussion

  • John Martz
    John Martz
    2004-07-02

    Logged In: YES
    user_id=928893

    > it would be great if I had to have that exact dongle too

    Wouldn't it worry you that the USB drive might get lost or
    break? If this happened, how would you ever retrieve and use
    your password database?

    -irrational john

     
  • Logged In: NO

    I agree with the previous comment. Maybe with the
    exception of having an alternative way of accessing the data
    once the usb device is destroyed or inaccesible. What about
    being able to burn a key to a CD/DVD? Then you must have
    the secret decoder CD in the drive to access the keepass
    safe. Just a thought.

     
  • Daevid Vincent
    Daevid Vincent
    2004-07-23

    Logged In: YES
    user_id=762136

    >> it would be great if I had to have that exact dongle too
    >
    > Wouldn't it worry you that the USB drive might get lost or
    > break? If this happened, how would you ever retrieve and
    use
    > your password database?

    that's sort of the point. security. don't loose the USB dongle
    or break it. you could always keep a backup somewhere that
    doesn't use the dongle too right? like on a CD in a safe
    deposite box or something, then if you loose the dongle, just
    get the CD, load it up, and re-encode with a new dongle.

     
  • John Martz
    John Martz
    2004-07-23

    Logged In: YES
    user_id=928893

    > you could always keep a backup somewhere that
    > doesn't use the dongle too right?

    So in other words, you'd have to periodically save the database
    to another backup database file which used another key,
    different than the USB drive's identifier, to encrypt the backup
    database.

    This is possible, but awkward with the current KeePass UI.

    Also, after mulling on it a bit, I really don't think using the USB
    drive's identifier is any more secure than just saving a KeePass
    password file on the USB drive. If someone was in a position
    where they could copy your key file from the USB drive then
    they could just as easily make a copy of the USB drive's
    identifier. Either way they'd have the key to open your database.

    No?

    -irrational john

     
  • Logged In: NO

    This should come with a way to recover if you loose your
    device.

     
  • Fitz
    Fitz
    2004-09-24

    Logged In: YES
    user_id=1094544

    I like the idea as long as there's a backup available.
    I also like the idea of doing the same thing with a CD-key
    which I know I'd be able to duplicate. I use a USB mini-drive
    and would rather not spend several minutes setting things up
    every time I want to use my "keys".

     
  • Dominik Reichl
    Dominik Reichl
    2009-09-10

    • summary: USB device as the key --> [Plugin Idea] USB device as the key