[pdkl95]

Something I really wish existed: a very cheap, pocket key chain size, battery powered USB device that stores crypto keys and OTP pads. The idea is that you set it up (plug it into a PC or phone) with an identity and contact information (in the spirit of vCard). The key feature of the device is that touching two of the devices together should automagically exchange identify information, generate and exchange public keys, and continue filling all available storage with shared noise usable for OTP. Each side generates their own random[1] stream of data and shares it with the other device; both sides then XOR the two streams of data together and stores it locally.

After exchanging keys and pads in person, plug the device into a computer like a flash thumbdrive, and (with hypothetical software support) both people can now use the keys for end-to-end encryption without having to worry about authentication, and a utility could perform OTP while keeping track of how much random pad is remaining. If they want more pad, leave the devices plugged in longer. The actual encryption should be performed on the device, so the host computer never sees the keys/pad.

As long as crypto is hard to use, people will rely on centralized men in the middle. A key chain dongle that you could simply connect to your friend's dongle for a few seconds (or longer, if desires) is easy. Instead of trying to solve the entire authentication problem with PKI or web-of-trust, you let people solve the authentication problem themselves, using the social skills they already have. Yes, this isn't useful for communicating with someone you cannot meet physically; use some other solution for those situations.

(Imagine if this became popular and you could simply go to the local branch of your bank and plug your crypto dongle into a kiosk that generates a few months worth of random pad data so all of your online banking is secured by OTP)

[1] OTP requires truly random data, which probably requires some type of hardware entropy generator. Perhaps something like this: http://holdenc.altervista.org/avalanche/

[inetknght]

> a very cheap, pocket key chain size, battery powered USB device that stores crypto keys and OTP pads.

Yubikey fits pretty close, I think. What purpose would you need it to be battery powered if it's USB?

[pdkl95]

> Yubikey

The Yubikey has similar storage features and is the perfect size and shape. Unfortunately, it's missing the main feature I'm talking about: easy inter-device communication.

> What purpose would you need it to be battery powered if it's USB?

It needs to be self powered because

>> The key feature of the device is that touching two of the devices together

I want people to be able to protect their communication with someone simply by meeting them in person and touching their USB crypto devices together. It should be a device someone stores on their person along with their other security devices like their house/car keys. The goal is to make the crypto easy so the individual can use it in situations where they already solved the authentication problem. If exchanging keys with someone depends on something complex like a computer or phone, a lot of people won't use it.

[m-p-3]

Keep the device without a battery, and instead rely on a USB battery pack to power it in the field for in-person OTP transfer.

[magicalhippo]

For the physical hand-shake key-exchange mentioned?