calc.pw: Reimplementation Kick-Off

07.04.2022 yahe calcpw code hardware raspberry security update

About a decade ago I presented a hardware-based password calculator called calc.pw which generates passwords based on a single strong password and a service-dependent information, thus allowing you to use individual passwords for each of your services without having to care for a password database. I even presented it at a few conferences.

In the meantime much better microcontrollers have become available and my understanding of cryptography and password generation have improved as well. That is why I have kicked-off the reimplementation of calc.pw! 😃

1. What will stay?

  • calc.pw will continue to use off-the-shelf components so that people can build it themselves. It will therefore also remain open-source software and hardware.

  • calc.pw will remain stateless. Break your hardware, build it anew and you will be able to calculate the same passwords as before. The password calculation does not depend on hardware-specific or random values that need to be kept somewhere.

  • calc.pw will provide a software-only implementation. There will be situations where you do not have your calc.pw hardware at hand but need one of your passwords. The software-only implementation is going to be cross-platform just as before.

  • The calc.pw password calcuation will continue to use two different cryptographic algorithms in conjunction to protect the initial password. The input for the calc.pw password will still be a single strong password and a service-dependent information.

  • calc.pw will continue to act as a keyboard to send the generated passwords.

2. What will change?

  • The calc.pw password calculation will use different cryptographic algorithms and they will work together differently. The password encoding will also change to be less predictable and instead follow industry best-practices.

  • The way the information has to be entered in order to define the length, character set and enforcement of characters will change. Instead of appending all those extra values to the information, you will instead prefix trigger flags to the information for the length (#), the character set (*) and the enforcement (!). calc.pw will then ask for the length and the character set individually. Hopefully, this change will improve the usability.

  • calc.pw will use the Raspberry Pi Pico hardware and the RP2040 microcontroller in the future instead of the Arduino platform. It is not only much cheaper but also much more powerful and enables the implementation of much stronger cryptographic algorithms.

  • calc.pw will not be connected between a keyboard and the computer anymore. The man-in-the-middle approach was fun to work with, but not very useful when sitting in front of a notebook or when using a smartphone. Instead, calc.pw will use an integrated keypad and T9-style character input. Thanks to that calc.pw will be a portable and handheld device!

  • calc.pw will have a PCB schematic so that soldering will be much easier.

3. What has been done?

  • The calc.pw password calculation has already been designed, including the key expansion that converts the password and information into a pseudo-random byte stream as well as the password encoding. The cryptographic algorithms used are PBKDF2-SHA-256 and AES-256-CTR. The password encoding uses rejection sampling to prevent modulo bias.

  • The calc.pw password calculation has been described in detail, including schematics of the calc.pw key expansion as well as rationales as to why certain constructs have been chosen.

  • A PHP-based reference implementation of the calc.pw password calculation has already been published called calcpw.php. It should not be used for productive use as it does not clean-up the used memory, but it is useful for experiments and tests. The results of the production-ready implementation will be compared against the output of this reference implementation.

  • Based on calcpw.php the calc.pw key expansion underwent a full dieharder test run to check the randomness properties of the pseudo-random byte stream. Furthermore, the calc.pw password encoding underwent a statistical test to make sure that it does have a modulo bias.

  • All relevant parts for the first few prototypes have been sourced.

4. What is coming next?

  • To get the first production-ready implementation up and running, I am currently working on a Swift-based implementation of the calc.pw password calculation so that it can be used on iOS devices.

  • Afterwards, the calc.pw password calculation will be implemented in plain C so that it can be compiled for Linux, macOS and Windows. The C implementation will also be the basis for the code that is going to run on the microcontroller.

  • When the calc.pw password calculation is running on the RP2040 microcontroller, the first prototype can be built that contains all the peripherals as well as the final UI elements.

  • Finally, the PCB schematic can be designed and a test PCB batch can be ordered.

5. Final words

As you can see, a lot of work has already gone into the reimplementation of calc.pw, but there is still a lot to do. The single tasks will have to fit into an already-tight time schedule, so I will post updates when major progress has been made. I hope you are just as excited as I am. Things are looking great so far. 😁

Update

The calc.pw password calculation algorithm has been implemented as a free iOS app that can also be installed on Apple Silicon MacBooks. The website of the calc.pw project has been completely redesigned. The whole source code of the iOS app is available on Github.

Search

Profiles

Github yahesh

Mastodon @yahe@chaos.social

Categories

administration (45)
arduino (12)
calcpw (3)
code (38)
hardware (20)
java (2)
legacy (113)
linux (31)
publicity (8)
raspberry (3)
review (2)
security (65)
thoughts (22)
update (11)
windows (17)
wordpress (19)