I made a thing for my personal use and was curious if others might find this useful as well.
I first saw USB Rubber Ducky a couple years back and thought that style of key injection would be perfectly reasonable for something like a hardware password vault. Even in homelab space i often found that long passwords were difficult to type in if i needed a direct login for something like proxmox or pfsense if say i needed to reconfigure networking again because i changed a setting and broke it. In the professional space being able to set strong passwords for laptop pins or AD passwords where they rotate every 30-90 days but was not allowed access to a software password manager.
The premise is basically load an sd card (considering eMMc storage as an more durable alternative but sd card module was already on hand), with credentials in json format, an encryption key is generated and stored in EPROM and used to encrypt the plaintext file (when one is detected). Then a fingerprint reader is used to unlock the device. The device would present itself as a keyboard (support for bitlocker is hit or miss, some machines pick it up some don't) and spit out the password into whatever text box that is needed.
Joystick and buttons to navigate the device, with some additional settings and such to do like a factory reset or configure lockout/device erasure. No batteries to deal with, pull power from also ensuring that the in memory credentials are only available while plugged into the machine.
I was considering writing a desktop application for it to auto generate the credentials file instead of manually and integrate it with things like bitwarden, 1password, etc. to directly load passwords from software/cloud based password managers depending on how often i found it useful.
Thoughts?
Is there another product that already does this? Something like onlykey was the closest i was able to find.
Also i get that hardware security keys are superior but they're not always an option.
I first saw USB Rubber Ducky a couple years back and thought that style of key injection would be perfectly reasonable for something like a hardware password vault. Even in homelab space i often found that long passwords were difficult to type in if i needed a direct login for something like proxmox or pfsense if say i needed to reconfigure networking again because i changed a setting and broke it. In the professional space being able to set strong passwords for laptop pins or AD passwords where they rotate every 30-90 days but was not allowed access to a software password manager.
The premise is basically load an sd card (considering eMMc storage as an more durable alternative but sd card module was already on hand), with credentials in json format, an encryption key is generated and stored in EPROM and used to encrypt the plaintext file (when one is detected). Then a fingerprint reader is used to unlock the device. The device would present itself as a keyboard (support for bitlocker is hit or miss, some machines pick it up some don't) and spit out the password into whatever text box that is needed.
Joystick and buttons to navigate the device, with some additional settings and such to do like a factory reset or configure lockout/device erasure. No batteries to deal with, pull power from also ensuring that the in memory credentials are only available while plugged into the machine.
I was considering writing a desktop application for it to auto generate the credentials file instead of manually and integrate it with things like bitwarden, 1password, etc. to directly load passwords from software/cloud based password managers depending on how often i found it useful.
Thoughts?
Is there another product that already does this? Something like onlykey was the closest i was able to find.
Also i get that hardware security keys are superior but they're not always an option.
