All modern PC keyboards, even the feature-packed, fully-programmable customs that we have now, are transparent. By "transparent" I mean that the user presses a key or key combination and the PC receives the single input that is expected by the user. In other words: the user thinks it, the PC gets it. Embedded macros stretch this definition but the property still holds because the PC gets the phrase the user wants to send. (Let's not get into Caps/Num/Scroll lock right now.)
This is a wonderful property of keyboards and probably explains why we like them so much. The tactility of the keys is the only feedback needed for complete immersion. Mice don't have as much of this property because you have to look at the screen to see the effect your actions have on the cursor. However, I digress.
I am currently working on a new feature for my own keyboard that will bend this property even more than macros. I'm adding a new function that convolutes key presses for the purpose of entering more secure passwords. Essentially I am embedding a hash function that appears random to the user but is actually deterministic. It's an embedded password generator. A secret string is stored to the keyboard, and a second string is remembered by the user. They are then combined and hashed to result in the actual passphrase.
So, I may choose "my secret convolution phrase!" to be stored in the keyboard's flash, and remember my password as "123456", and when I type "123456" the keyboard outputs the result:
"my secret convolution phrase!" # "123456" = "3?DF$^gfdQ#$6F_SD5FsG"
This is NOT encryption. A particularly brutal security researcher may actually call this security by obscurity. However, I suggest that this is significantly better than what most users use. I am trying to protect against compromised service providers, not from local threats. It gives you a password that is essentially impossible to brute-force from something easy to remember like "123456". Even nicer is that to change a password, you can change either the string you remember or the secret string. Whichever suits your needs! It is obviously best to pack as much entropy into the secret string as possible.
It currently works like this:
* Press the "convolution" key to put the keyboard into password mode
* Type the password. No scancodes are sent to the PC while the user types
* Press Enter or Tab
* The keyboard computes the actual passphrase using the entered keys combined with the stored secret
* The keyboard stores the result in the RAM macro buffer and sends it
* Keyboard goes back to normal mode
The keyboard can store more than one configuration. Each configuration comprises (1) a secret, (2) settings for which characters should end up in the final passphrase (uppers, lowers, numbers, symbols), and (3) how long the final passphrase should be.
Pros:
* powerful passwords from easy to remember strings
* change passwords by changing either the stored or remembered secret
Cons:
* can't see your characters when you type, however this is often the case with passwords anyway
* extra keypresses to slow you down
Alright everyone, what do you think of this? Have you heard of anything like this before? Do you think it would help you be more secure online? Do you think it would be too annoying to use? Do you want to try it yourself? I'm not sure if I want to make the algorithm public, but if you have a Phantom, you'll probably be able to try a prototype soon.
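As an added illustration (not the author's algorithm, which the post does not disclose), here is one way the scheme described above could be built: the stored secret keys HMAC-SHA256 over the typed string, and the output bytes are mapped onto the enabled character classes with rejection sampling so no character is favoured. The function names, the symbol set and the choice of HMAC-SHA256 are all assumptions.

```python
import hashlib
import hmac
import string

# Character classes a configuration can enable (symbol set is an assumption).
CLASSES = {
    "uppers": string.ascii_uppercase,
    "lowers": string.ascii_lowercase,
    "numbers": string.digits,
    "symbols": "!#$%&*+-=?@^_",
}

def _byte_stream(secret: bytes, typed: bytes, attempt: int):
    """Endless pseudorandom bytes: HMAC-SHA256 keyed by the stored secret."""
    counter = 0
    while True:
        msg = attempt.to_bytes(4, "big") + counter.to_bytes(4, "big") + typed
        yield from hmac.new(secret, msg, hashlib.sha256).digest()
        counter += 1

def derive_passphrase(secret: bytes, typed: bytes, classes, length: int) -> str:
    """Map (stored secret, typed string) to a passphrase, deterministically."""
    if not classes or length < len(classes):
        raise ValueError("need at least one class and room for each of them")
    alphabet = "".join(CLASSES[name] for name in classes)
    # Reject bytes >= limit so every alphabet character is equally likely.
    limit = 256 - (256 % len(alphabet))
    attempt = 0
    while True:
        chars = []
        for b in _byte_stream(secret, typed, attempt):
            if b < limit:
                chars.append(alphabet[b % len(alphabet)])
            if len(chars) == length:
                break
        candidate = "".join(chars)
        # Keep the first candidate containing every enabled class; otherwise
        # re-derive with the next attempt number (still fully deterministic).
        if all(any(c in CLASSES[n] for c in candidate) for n in classes):
            return candidate
        attempt += 1

if __name__ == "__main__":
    cfg = (["uppers", "lowers", "numbers", "symbols"], 21)
    print(derive_passphrase(b"my secret convolution phrase!", b"123456", *cfg))
```

Because the typed string is low-entropy, the strength of the result rests on the stored secret; anyone who can read the keyboard's flash can regenerate every passphrase by guessing short typed strings.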