Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

"Sending" Username/Passwords to PC

2009-06-03
2013-04-22
  • Tim Wischmeier
    Tim Wischmeier
    2009-06-03

    Hi all,

    I have a suggestion / idea to enhance the usability of KeePass mobile, though I have no concrete idea of how to implement this.

    It would be a very useful feature if you could somehow connect your PDA (or mobile phone, for that matter) to your PC and use it as an input device. You could place the cursor on your PC in the text field you want to enter your username or password, then click on a "send to pc" - button in KeePass and have it typed in. I am sure this would encourage the use of strong passwords as you would be able to circumvent the hassle of typing them by yourself.

    My first idea was to let your PDA generate a barcode displayed on the screen, which you would be able to scan with a very simple PS/2 or USB barcode scanner, which would be acting just like a keyboard. We have some of those in our company as we create software which runs on mobile devices scanning such codes and processing them. Sadly, the screen of an PDA is completely unable to provide a scan, I could not get any scan from the scanner.

    So, my next two ideas are to connect to the PC by USB or bluetooth, emulating an input device. I do write software for PDAs, but I do not have any clue of handling BT or USB communication, let alone "acting" like an input device. Theoretically it would enable you to send keystrokes, but I sincerely doubt you can, with reasonable effort, go that low level on the BT or USB stack and convince the PC you are a keyboard and not a PDA.

    That would leave us with my last option, a little gadget you would have to install on your PC. That gadged would, in whatever way, listen to data from the PDA and emulate keystrokes itself, which should be not that difficult.

    I know this is not a suggestion you can do with some lines of code, but I am willing to help coding the PC side of that gadget (I do not know c++ very well, so I can only offer c# coding skills). I hope you are convinced of the usefulness of this idea as I am and are keen on giving it more thought to find out if this can be done. Again, I offer to help with this as far as I can.

    PS: KeePassPPC is running smoothly for a few weeks on my LG KS20. Really nice piece of software!

     
    • Tobias
      Tobias
      2009-07-12

      Hi Tim!

      Sorry for the late reply. My job is keeping me busy...

      Well basically what you suggest is to have the passwords always stored on the PDA and have them never "leave" the PDA environment. So you explicitly do not want to use the Windows/Mac/Linux versions of KeePass, correct?

      So what benefit do we get?
      Instead of a hacker having to break the KeePass encryption on the desktop, he has to break the I/O interfaces of that specific hardware device that tells the PDA "give me username / password of entry xyz and type it on the keyboard" or break the encryption on the PDA...

      Hm... So instead of having to worry about the database / program security we would need to invent a new security mechanism that only "trusted sources" can make the request "give me username / password of entry xyz and type it on the keyboard". Is this more secure?

      Getting the password from the PDA to the PC again would be also unencrypted, if one uses some external microcontroller that emulates a USB HID keyboard or something like that, but alas that's also true when you manually type it on the keyboard :-).

      So the general idea of having an external device, which contains all your passwords and types them by emulating an USB HID keyboard or something like that sounds nice, the problem i see is how to select the data you want in a secure way? If any program can say "give me password for x"... Then it's not secure at all...

      So i don't know... Is the level of increased security we get (always assuming you can trust the programs on your PDA!!!) worth the additional hassle in useability? I mean, if you are really really paranoid, then you have a PDA which is never ever connected to a PC / internet, only has KeePassPPC/SD installed and you alway look at the passwords on the PDA screen and type them in via the keyboard manually.

      Maybe in understood your proposal / ideas wrong.

      Kind Regards,
      Tobias