suitable for "continuous carry" (gun nuts should like this term),
convenient to use,
suitable for most if not all everyday password needs, not only
on the PC but also, say, for credit/debit card PINs,
open design that can be reviewed by anyone.
One could summarize most of this as "practical security".
Who will buy the Password Safe?
Basically, anyone who needs to handle more passwords, PINs, etc., than
they can easily remember and who isn't happy with just jotting them down
on a piece of paper. Middle-class spending profile.
What the device will do
store and display or replay PINs, passwords, passphrases, and related
replay is by acting as "USB keyboard", either by wire or ("secure")
content of device is protected against theft, etc., by PIN/code and
can also implement challenge-response schemes (TBD) which are more
secure than traditional passwords,
flexible security structure, allowing for accounts with weaker or
stronger protection (e.g., Twitter vs. e-banking),
can generate/propose random passwords,
roughly the size of a cigarette lighter (i.e., pocketable),
runs from easily replaceable standard batteries,
intentionally limited in functionality to avoid security issues
known from PCs, smartphones, etc.
At reasonably large volumes, maybe 10k+, a retail price below USD 100 for the
whole kit should be feasible. But that's just guesswork. Real cost
figures also include logistics, accounting, support, legal, let's not
forget taxes, etc. We'd have to involve someone who actually knows
how to calculate such things when the time comes to think about larger
A first design of electronics, basic software, and also a prototype case was completed in early 2014. That design showed that the basic architecture worked, but a number of things weren't as great as expected (e.g., the thumb wheel for user input or the RF solution).
Therefore, a revised design was made during 2014 and is currently being evaluated. I expect to have something I can actually use around the end of 2014, beginning of 2015.
That's assuming nobody else makes substantial contributions to the
project. At the early stages, there probably aren't that many options
for cooperation, but the more it advances, the more possibilities.
Once a functional prototype is done, there
can be several continuations, including:
maybe interest will have died by then,
maybe there will be interest in making and financing a small number
of "developer edition" devices,
maybe there will be interest but people won't like my design and
someone else has a better one, so there'd be a switch/fork/diaspora,
maybe millions will be gathering in the streets, demanding that it
be mass-produced "as is" immediately ;-)
NON-goals for Password Safe
will NOT have "military-grade" security. Extreme security requires
specialized components and design procedures (drives up the cost by
orders of magnitude) and also demands operational procedures from
the user that few people would be willing to endure.