[nickik]

Fantastic. I have been thinking that the best possible thing would be an external device with a screen and a key pad input. This seems to be exactly that.

You need the screen because the protocol includes the concept of an authenticator with a screen, and that allows you to verify the information even more compared to a yubikey or something like that.

[jrexilius]

That was my assessment as well a few years back, which drove the project I'm working on now. I embedded both the authentication (TOTP at the time) and content encryption functions directly into the keyboard and added an internal screen. I had been working through all the attack surfaces of trying to do it in the same kernel space as a compromised node and just decided that was the wrong way to go. Demo of the prototype I built is here: http://www.anomie.tech/deck/anigma-keyboard.m4v

[snakeye]

Thank you! :)

[jrexilius]

I love this project. right approach for the problem. Will pitch in on the code.