Most Excellent. I've registered on Gitorious, user name is ronkjeffries.
After logging in, I searched "pwsafe" and found what seems to be a
different project, a Linux program.
Not sure if that matters, just curious.

I will attempt to put your project overview in the wiki on your Gitorious,
if that is OK.

Ron K Jeffries

---
Ron K. Jeffries
805-567-4670

On Sat, Sep 14, 2013 at 12:41 AM, Werner Almesberger <[email protected]> wrote:

> Ron K. Jeffries wrote:
> > This discussion on the list is great. But it might also be useful to
> > maintain (using some web tool, but not on mail list) a simple, short
> > "Password Safe Requirements" document.
>
> Yeah, or a "project overview" (high-level, without the gory technical
> details.) Let's give it a try ...
>
> > >> Project description, including
> > .. what problem the password safe solves
>
> Main objectives:
> 1) medium "hard" password/account storage,
> 2) suitable for "continuous carry" (gun nuts should like this term),
> 3) convenient to use,
> 4) suitable for most if not all of everyday's password needs, not only
>    on the PC but also, say, for credit/debit card PINs,
> 5) open design that can be reviewed by anyone.
>
> One could summarize most of this as "practical security".
>
> > .. what sort of person will buy the device
>
> Basically, anyone who needs to handle more passwords, PINs, etc., than
> they can easily remember and who isn't happy with just jotting them down
> on a piece of paper. Middle-class spending profile.
>
> > .. what the device will do and general characteristics, (but NOT how it is
> > implemented)
>
> - store and display or replay PINs, passwords, passphrases, and related
>   information,
> - replay is by acting as "USB keyboard", either by wire or ("secure")
>   wireless,
> - content of device is protected against theft, etc., by PIN/code and
>   encryption,
> - can also implement challenge-response schemes (TBD) which are more
>   secure than traditional passwords,
> - flexible security structure, allowing for accounts with weaker or
>   stronger protection (e.g., Twitter vs. e-banking),
> - can generate/propose random passwords,
> - roughly dumbphone-sized (to be confirmed),
> - runs from easily replaceable standard batteries,
> - intentionally limited in functionality to avoid security issues
>   known from PCs, smartphones, etc.
>
> > >> rough cost targets
> > low quantity (n~= 100)
> > modest qty (n~=1000)
>
> Hard to tell at the moment. This is still in the technical exploration
> phase. 100 units doesn't really make sense for commercial exploitation.
> (You'd have to work at military / medical margins to be profitable at
> such numbers.) Maybe USD 100 before taxes for the password safe, USD
> 30 for the RF dongle (or use atusb), USD 20 for the Y-Box, to at least
> cover immediate production costs.
>
> At large volumes, maybe 10k+, a retail price below USD 100 for the
> whole kit should be feasible. But that's just guesswork. Real cost
> figures also include logistics, accounting, support, legal, let's not
> forget taxes, etc. We'd have to involve someone who actually knows
> how to calculate such things when the time comes to think about larger
> volumes.
>
> > >> target date for first proto
>
> For the electronics and basic software, maybe end of November 2013.
> A prototype case maybe 1-2 months later. So let's say early 2014 for
> something I will be able to use.
>
> That's assuming nobody else makes substantial contributions to the
> project. At the early stages, there probably aren't that many options
> for cooperation, but the more it advances, the more possibilities.
>
> Once the first prototype design (which will involve the making of a
> number of prototypes in various states of dysfunction) is done, there
> can be several continuations, including:
>
> - maybe interest will have died by then,
> - maybe there will be interest in making and financing a small number
>   of "developer edition" devices,
> - maybe there will be interest but people won't like my design and
>   someone else has a better one, so there'd be a switch/fork/diaspora,
> - maybe millions will be gathering in the streets, demanding that it
>   be mass-produced "as is" immediately ;-)
>
> > >>NON-goals for project (optional, but can be useful)
>
> Hmm, some:
>
> - won't have "military-grade" security. Extreme security requires
>   specialized components and design procedures (drives up the cost by
>   orders of magnitude) and also demands operational procedures from
>   the user few people would be willing to endure.
>
> - won't aim for low-cost, your USD 16 phone being an extreme example.
>   There's no way to beat such things. Think more along these lines:
>   http://www.mobilephonehistory.co.uk/lists/phones_by_price.php
>
> > If you sorta kind like the idea, I volunteer to create the document based
> > on your input.
>
> Great. Thanks a lot !
>
> > There are a few web systems designed for collaborative writing, often using
> > Markdown syntax for formatting.
>
> Sounds good to me. I've created a project on gitorious:
>
> http://gitorious.org/pwsafe
>
> gitorious also offers a git-based Wiki, so one can easily combine the
> usual Web editing with local editing and even automated tools. (E.g.,
> to generate certain tables.)
>
> The Wiki is here:
> http://gitorious.org/pwsafe/pages/Home
>
> It's currently "writable by anyone" (this may mean "anyone with a
> gitorious account").
>
> > These requirements are already known, but have evolved over multiple
> > messages in the email flow.
>
> And probably will continue to evolve :)
>
> Thanks a lot !
>
> - Werner
>
> _______________________________________________
> Qi Hardware Discussion List
> Mail to list (members only): [email protected]
> Subscribe or Unsubscribe:
> http://lists.en.qi-hardware.com/mailman/listinfo/discussion
>

