Skip to content

Latest commit

 

History

History

wuabit-dust-sha256

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
platformio.ini
platformio.ini
 
 

README.md

About

Wuabit Dust vSHA-256 is a 256bits password/key usb generator targeting to be the most affordable hardware based generator device in the world, period.

It's using one of the most tiny/cheapest arduino boards: The open-source Digispark board. You can find it for less than 2€ on internet.

Here is a photo of the device:

Original Digispark

Pull requests are always welcome.

Features

  • Plug-and-play: As it works as a standard USB keyboard
  • 32 bytes of key length generation (256 bits)
  • High entropy of > 7.99 bits per byte (see tests and compare to eg. Trezor random tests).
  • Stores key/pass in internal eeprom memory with more than 100,000 cycles of writes assured.
  • Uses the ATtiny85 microcontroller from Atmel now MicroChip, one of the most ubiquitous 8-bit mcu.

How it works

This version of Wuabit Dust generates ONE UNIQUE KEY and stores it in the permanent memory (eeprom) of the ATtiny85. But it's able to generate MANY KEYS. To force the device to generate another key, just leave it connected for a while (1min).

  • Plug it to an USB port (works even in Android with USB-OTG)
  • First time will check if its initialized.
  • Will collect enough entropy (randomness) using an internal hardware clock (the WDT): 256bits total.
  • The result will pass a SHA-256 hash function to whitening the initial entropy.
  • The result hash will be stored to eeprom memory as the result key. Also store a flag to know it's initialized/ready.
  • The generated key will be sent as keyboard keystrokes of characters from 0-9 and a-f (hex codes).

The next time the device is plugged-in the same stored key will be sent.

If device is left connected after it sent the key from eeprom, a timeout starts and the onboard led will begin to flash slowly, then faster and faster until regenerates another key, overwriting the previous stored key.

Security warning

This device generates a key in hardware, but writes it via usb-keyboard emulation, so if the target machine is compromised with a keylogger then the key can be stolen. The same if it's sent to a compromised/evil online service etc...

Installation/Build

The installation and build process is managed multiplatform by PlatformIO CORE or IDE. It can be easily installed in any OS with python.

Once installed simply execute (on cli core):

platformio run -t upload

Or click upload via the IDE.

Credits

Entropy A great WDT based entropy generator for the Atmel AVR series 8-bit microcontrollers found in Arduino boards.

usha256 a tiny SHA-256 message digest implementation for AVRs.

License and copyright

This project is licensed under the GNU GPL v3 (see license).

(c) 2018 by Manuel Polo a.k.a @mrmx