Dongle-Centric design? #9
Description
Hi,
i seen the S3 Dongle by chance while browsing aliexpress and immediately knew i wanted one.
im one of those people that use a different long ass password for everything, but then stores them in a passwords.txt 😅
I'm a backend dev with little experience in microcontrollers, so let me know if im saying something stupid.
In your project, the dongle is an extension of the password manager software, so the passwords are stored on the phone, correct?
For reasons i can't too much get into, all my phones (past and future) are running engineering firmware with unlocked bootloader, so it is NOT a trusted device.
What i wanted was for the dongle to be standalone, i was thinking something like:
Connect it to a PC in "upload" mode, it shows as empty storage with just a text file.
Write the site:username:password to the file, one per line.
On file save, the dongle automatically reads the ram file, parses the credentials and saves them (encrypted) to the SD Card.
When instead connected to a PC or Phone in "normal" mode, it would (with the button) let you cycle the sites available, then doubleclick for confirmation, at that point it would send a BLE request to the phone to ONLY provide biometrics for authentication, kinda of a "greenlight" to type the password.
This way the passwords are stored encrypted on the dongle itself and are non-retrievable via the SD Filesystem due to the storage encryption, and the phone doesn't hold any of them, and if the QWIC port could be used for wiring a laptop-style fingerprint sensor, the phone would not be needed at all.
With your experience with this device, do you think it is possible?