Is it possible to store the password list on a smart card? (and also then bypass the password for the app?)
I am currently working on a smart card password disk option.
The smart card has a very limited space for storing data files. Current standard cards vary from 2K to 32K of user usable space. My test and real password databases frequently cross 8/16/32K (particularly in case of possible file attachments).
According to the technology progress the usable space will definitely expand in the future.
Meanwhile, I think that in spite of the technical possibility the smart card's memory is not the proper place for storing databases.
But the password disk key could be stored there.
Yet there are some problems that must be solved. They include an exclusive use of the card memory by other applications or the reservation of the card only for KeePass, a standard location for the file and its recognition.
There are probably more suitable media for storing the database on the market, many of them with or without PIN or crypt functions like a smart card, in the style of the USB disk.
They are not limited to the 0.8 mm in thickness and therefore they can be probably inexpensively equipped with more memory.
You can find an USB port more frequently in the computer equipment than a Smart Card reader as well.
Anyway I present only my own opinion. I have not consult it with Dominik so far.
Why not use the smart cards private key to secure the database? Currently I use my Aladdin eToken with putty and pagent to automate my logins to various machine I own. It would be great to be able to point to a smart card for the pin to open a database.
I'm about to embark on a project to develop a KeePass plugin for a similar purpose: using chipcards as a replacement for key files.
See the discussion thread here.
Log in to post a comment.