.png)
Summary
- Raspberry Pis are versatile security tools, from pen testers to one-time password generators.
- The Pi Pico W project allows for the generation of one-time passwords using an HMAC-based algorithm.
- You can create the password generator using simple hardware and offline functionality, ensuring data security.
Raspberry Pis may look inconspicuous, but they can be really powerful security tools. We've seen them as pen testers, and we've also seen them use cameras to keep an eye on physical things. The best part is that, because you make the security tool with your own hands, you know exactly what is and isn't lurking within the code. No more trusting a third party to keep your data safe.
Well, how about using your SBC to host a password generator? That's exactly what this one project sets out to do, and if you like, you can make one at home too.
Related
7 creative uses for Raspberry Pi you probably haven’t tried yet
Your Raspberry Pi is good for more than just a media center or retro game emulator
This Raspberry Pi Pico W project lets you generate one-time passwords whenever you please
In a post on Hackster.io, tinkerer DQuadros posted their latest project. Titled "Building a One-time Password Token with the Pi Pico W," this project does exactly what it claims to do; it lets you generate a six-digit code that you can use to log into services.
Here's how the project is described:
In this project, we build a device that generates HMAC-based one-timepasswords (HOTP), based on a counter and a secret key. The algorithm used is described in RFC 4226, and is the same employed by many sites (like Github) and applications (like Google Authenticator).
The counter is created from the current UTC time. To account for clock variations and user response times, the counter is incremented every 30 seconds. To obtain the counter, we connect to a WiFi network, get the current time using the NTP protocol and divide the current time by 30.
In terms of hardware, you don't need a lot at all; the bill of materials lists out a Raspberry Pi Pico W, an OLED display, and MicroPython for the coding. Once you're all set up, you can press a button and have a six-digit passcode appear on the screen. Very elegant.
If you want to read more about how this technology works, plus learn how you can make your own, head over to the inventor's BlogSpot page. There, DQuadros breaks down how the system generates its codes and how you can design your own one-time password creator. They also claim you can run the password generator offline; as long as the date and time are correctly set within the board, it doesn't require an internet connection to get you a code.
If you like the idea of turning your SBC into a security powerhouse, you're not alone. People have found all kinds of ways to turn their Raspberry Pis into handy security tools for everyday use. For example, you can use one to secure your network or even have it host a password manager.
English (US) ·