
Description
GeekOTP is a SUSE Hackweek project aimed at building a multi-account, physically secure Time-based One-Time Password (TOTP) generator using the Raspberry Pi Pico 2 W and the TinyGo environment.
The device functions as a dedicated, trusted hardware token, emphasizing both security and user-friendly provisioning.
The device leverages its built-in Wi-Fi to enable a custom Over-the-Air (OTA) update capability. When triggered, the Pico 2 W hosts a minimal TinyGo HTTP server that listens for an updated bundle of encrypted secrets. These secrets are protected using AES symmetric encryption, where the decryption key is uniquely derived from the user's secret directional combo and the device's Chip ID, providing strong hardware-bound security.
Goals
The primary goals are to explore advanced embedded programming, secure network server functionality, and hardware-backed security principles:
- Pico 2 Hardware Mastery: Utilize the TinyGo environment to configure and drive all required components: the RP2350's Wi-Fi module, an external OLED display, and the 6-button directional keypad.
- Secure Over-the-Air Provisioning (OTA Push): Implement a robust TinyGo HTTPS server that the device hosts itself to securely receive and store the encrypted multi-secret bundle pushed from an external computer.
- Cryptographic Secret Management: Implement the necessary cryptographic primitives in TinyGo (specifically AES decryption) to decrypt the multi-secret bundle.
- Hardware-Bound Security: Implement a Device-Specific Encryption scheme by deriving the Master Key from the user's secret directional combo and the Pico 2's unique Chip ID. This secures the secrets against simple physical extraction.
- User-Friendly Security: Design and implement the firmware to use the 6-button keypad to recognize a complex directional combo sequence for fast unlocking and session management.
- Multi-Account Functionality: Implement a persistent and navigable data structure in firmware to cycle through and generate TOTP codes for various accounts (e.g., SUSEID, GitHub, etc.).
This project is part of:
Hack Week 25