elective-stereophonic
elective-stereophonic
Show Posts - Gr4ssh0pper
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Gr4ssh0pper

Pages: [1]
1
Nxt General Discussion / NXTkey - Community fund bounty request
« on: June 05, 2014, 07:46:47 pm »
1. Nxt account and userID/contact info for submitter

userID: gr4ssh0pper
NXT account: NXT-8573-EJTH-JSWS-GH5FG


2. Submission date

05th June 2014


3. A short description of the project with your goals very clearly specified(three sentences max.)

Developing an open source USB transaction signing device which makes sending NXT absolutely secure.


3b. Long description as needed

I will develop an open source USB transaction signing device to make NXT transaction signing absolutely secure. The first version of the NXTkey is already build and the basic functionality is working. (USB communication / OLED driver etc.) By funding my development I will be able to build a second generation hardware with a more capable microprocessor which can also handle the transaction signing. The hardware is going to be an open source reference design which shows how to implement USB transaction signing. Im planning to build at least 10 prototypes from the first funding. I will give them for free to the community and beta testers. Maybe the community could start an auction for these 10 prototypes and return the earned money back to the community fund. I'm in contact with Graviton to implement USB communication into offspring which will be the first client supporting the NXTkey.

I'm not planing to sell these devices on my own. Everyone is free to sell them after I released the open source production data.

The actual project status can be found here:

https://nxtforum.org/nxtkey/nxtkey-project-status/
https://nxtforum.org/nxtkey/nxtkey-some-pictures-and-i-think-they-look-great-d/





4. Specify the target audience

Anyone and everyone!


5. Budget

Goal 1: 20k NXT immediatley for building 10 prototypes based on the second generation hardware

Goal 2: 75k NXT for a) open sourcing all documents necessary to produce the NXTkey and b) a working software which enables yubikey style passphrase handling (not super-secure)

Goal 3: 150k NXT for a working USB transaction signing software based on the NXTkey and supported by Offspring


6. Specify deadlines

Deadline tbd but at least 6 weeks. I will post updates and pics as soon as possible. Please check my last timeline I think I've managed it pretty well.


7. Personal Information

I'm a hardware engineer with over 10 years experience. I'm invested in NXT since february and started reading the btt monster thread on a daily basis. This forum is the best thing that happened to the NXT community and it is a joy to be a part of it!

Feel free to ask what ever you like about my project!


 

2
NXTkey / NXTkey - Some pictures and I think THEY LOOK GREAT :D
« on: May 08, 2014, 03:56:58 pm »
This is going to be the "official" picture thread. The actual project status can be found here: https://nxtforum.org/nxtkey/nxtkey-project-status/

Today I received the PCBs from china 5 days earlier than expected, yeah!  8)





3
General / Passphrase max size
« on: May 06, 2014, 07:41:05 am »
Hi @ all,

I'm wondering what the real maximum size of the passphrase is. I have read 100 chars but some state 120-130. What happens when a passphrase with 300 chars or even higher is used?

Also: Which characters are allowed? Is there a complete list?

I need this information to know how to store passphrases in my NXTkey.


4
NXTkey / NXTkey - Project Status
« on: April 23, 2014, 11:53:29 am »
Hi @ all,

I would like to show the actual project status of the NXTkey:

What is it?

NXTkey is a USB Device which holds your pass phrase and acts as a USB HID Keyboard device. After a key press the NXTkey types the pass phrase for you. It can hold multiple pass phrases and shows the actual selected account on a 1.3" oled Display. The nxt logo on the pcb acts as a touch key. Holding the NXT logo for a second types the selected pass phrase. Swiping the NXT logo selects another nxt account if there are more than one stored in the device. Software updates are done by pressing the x-key while inserting the NXTkey into the USB port. This will mount the NXTkey as a flash drive and the new software just has to be drag-dropped to the drive. The pass phrases are also stored in the device this way.

The NXTkey is going to be a open source device. I simply don't have the resources to sell it and to bother with customer support (warranty) and UL / CE certification. I would be very happy if someone is going to sell this device in the future! I'm going to build at least 5 to 10 prototypes.

First discussions could be found here: https://nxtforum.org/general/do-we-need-a-usb-transaction-signing-device-hardware-wallet/


Future:

In the future the NXTkey could also act as a transaction signing device after a software update. Your pass phrases doesn't leave the device, transaction are signed onboard. This will give a huge security improvement! Unfortunately the client has to support the communication with the NXTkey, this could be a problem with wesleys javascript based client.


Actual Status:

At the moment I do have a first version of a PCB with schematic and board layout. Maybe somebody could review the files. After this I'm going to order the pcbs in china. This will take about 15 Days. I would be very happy to get feedback!











3D Drawing: http://www.qfpost.com/file/d?g=wFeefDphL
Assembly: http://www.qfpost.com/file/d?g=H4eEauRw6
PCB: http://www.qfpost.com/file/d?g=H99pJ57da
Schematic: http://www.qfpost.com/file/d?g=gak41R4HI
Part List: http://www.qfpost.com/file/d?g=HxvDcus4P


Edit:

I think I need a timeline with milestones to show the progress and to keep working on this project straight forward. I hope my real live will let me do this!

work done:

- April 23, 2014: design Schematic and PCB Layout
- April 26, 2014: review design, fix minor flaws
- April 29, 2014: order PCBs in China, delivery will take about 10 working days
- May 8, 2014: PCBs delivered
- May 9, 2014: ordered parts from BOM, delivery will take 3 days
- May 13, 2014: received the parts today
- May 18, 2014: two PCBs assembled, USB communication with bootloader is working
- May 20, 2014: first software tests with evaluation board and assembled PCBs
- June 1, 2014: basic demo software available with oled display and HID keyboard functionality

ToDo:

- June 8, 2014: working java software available which builds a boot loader image with the pass phrases in it

At the moment I'm running into stack / heap size problems because of too small RAM. PCB redesign necessary to support a bigger controller.   

5
Hi Folks,

I would like to build some kind of transaction signing device which communicates with the wallet software over USB. It should solve the problem of typing the pass phrase all of the time. I would like to discuss my ideas and check if there is a need for such a device.

My first idea was a USB HID Keyboard device with only one key. Pressing the key will give out the pass phrase. The key is made of cooper traces on the pcb which looks like the nxt logo.

pros:

   +very cheap  ( 10$ - 13$ )
   +doesn't need drivers
   +works with every client software instantly

cons:

   -transaction is not signed in this device
   -pass phrase is not secured against keyloggers


This image is a very early test to try the look and feel of such a device. Pressing the nxt logo will print out the pass phrase.






This kind of device would be able to receive transaction details over USB and sign them with the pass phrase but you won't be able to verify the transaction which you are signing because of the lack of a display. So the next idea is a device similar to the TREZOR but much cheaper. It will receive transaction details over USB from the client software, show them on the 1" OLED display of the device and return the signed transaction over USB after a key press by the user.

pros:

   +cheap  ( 17$ - 20$ )
   +pass phrase is not leaving the device
   +secured against keyloggers
   +doesn't need drivers (HID device)

cons:

   -VERY small display (1" OLED 128x64 Dots)
   -needs support from client software
   -unclear if wesleys client is able to communicate over USB with a HID device





My last idea is a device similar to the butterflylabs bit safe. It works the same way as the second device with the oled display but has a bigger 2.8" tft color display and a resistive touch interface.

pros:

   +eye candy!
   +pass phrase is not leaving the device
   +secured against keyloggers
   +doesn't need drivers (HID device)

cons:

   -expensive  ( 40$ - 45$ )
   -needs support from client software
   -unclear if wesleys client is able to communicate over USB with a HID device





All prices are calculated for small quantities and should be 20% to 50% lower in higher volumes. This is going to be an open source project. I don't want to sell these devices and I'm only going to build 10 to 20 prototypes. I simply don't have the resources to struggle with things like warranty and UL / CE certification (-;

So, what are you all thinking about it? Do we need such a device? The biggest problem would probably be the USB communication with the javascript based client from wesley! I really would like to see the device working together with this client!

greetings gr4ssh0pper

 

Pages: [1]
elective-stereophonic
elective-stereophonic
assembly
assembly