Has anybody tried to turn the Arduboy into a U2F (Universal 2nd Factor)? A U2F device communicates using the HID, essentially mimicking a keyboard. Since the Arduboy can do that, too, it should be possible to use it as U2F. And since it has a screen one could also show the website name or other information before the user presses the button to confirm or not.
As simple search for “password” turns up a few things related to this.
Interesting idea. I just read link below and the lack of a precise RTC might be the killer.
From what I understand U2F does NOT need an RTC.
OK … then it sounds like it could be done. I assumed U2F was like 2fa and required time synchronisation.
Even if so you could always tell your Arduboy what time it was when you needed to use it to authenticate… that would of course require a reliable time-source nearby and granular enough timing that you’d have time to enter the time and then still use the code… so perhaps it’s not that great of an idea. In my experience with 2FA rotating codes they change like every 15-20 seconds or so.
I am planning to try to implement U2F on an Arduboy. Basic background information can be found here https://en.wikipedia.org/wiki/Universal_2nd_Factor
Somebody has already built something like it for Arduino Leonardo here https://github.com/pagong/arduino-yksim Looks doable and would be a really neat application for the Arduboy.
Once communication is established, the application exercises a challenge–response authentication with the device using public-key cryptography methods and a secret unique device key manufactured into the device.
Good luck but I’d get worried when I see “public-key cryptography” given the RAM/ROM/CPU limitations, but maybe its all much simpler than it sounds at first glance. But if you need some crazy complicated crypto library then I’d say you’re looking at a non-starter.
But feel free to prove me wrong.