Novice here, shoplist&brainstorming, ESP as OTP, help wanted
Posted: Sun Mar 12, 2017 6:17 am
Hi, first post here, hope without breaking forum rules
This is my story:
I haven't found in the industry a cheap and not-third-party-dependant hardware OTP generator, so I'm going to make it, with my own algorithm, let's simply call it "open2fa key".
For this purpose I need:
- A small microcontroller with basic hashing capabilities
- A display
- A Wifi controller to pair token seeds and do ntp sync
- A micro switch to turn on the open2fa key
- A RTC*
The display I'm going to use may be the following:
http://www.buydisplay.com/default/0-91- ... e-on-black
cause it's very small, and I love the format: I want, in the end, to make something that can be attached to my keychain. My inspiration for the design comes from the well-known "RSA SecureID" OTP generator.
My questions are the following, and they're mainly hardware related:
Is the ESP01 suitable for this purpose? I've seen the pinout and if I'm not wrong, I can configure the GPIO as i2C (sorry if I've misunderstood how the thing works, I repeat what I wrote in the subject: total novice here) to feed the display: https://www.letscontrolit.com/forum/viewtopic.php?t=293
In this scenario, with the current algorithm (where timestamp have weight) I need to connect the ESP to a wifi to sync the timestamp, everytime, cause it's off for most of the time.
I can also code a small android app for this purpose, but I actually dislike this design: to "compete" with something like an RSA SecureID the token should be 100% stand-alone.
* Here comes an RTC.
The lifetime of RTCs is awesome, they last years with a small CR battery. What discouraged me is the cost. For a small i2c RTC I've seen only 15$ stuff (https://www.sparkfun.com/products/12708). Nope.
The second question is, so, are you aware of a very-very-cheap and small sized RTC out there?
I can think about a timestamp-less algo with deterministic generation of tokens from a shared seed and server-side error correction when the entities go unsynched (i.e., you generate tons of OTPs without using them), but looks like a messy patchwork, I would love to use the timestamp.
Finally, the power consumption.
With two paired CR batteries I can get up to 180mAh, and this table from espressif gives me hope:
Given the OTP is by design used for a very short time, looks like the whole thing can work, but what got my attention is the "deep sleep" mode. The third question is so about this mode. Can an ESP in deep-sleep mode be able to act as a RTC, once in sync ?
So, brainstorming is open, I hope this will drive me into something sensible, and a so github repo of the project will follow, thanks for your help
This is my story:
I haven't found in the industry a cheap and not-third-party-dependant hardware OTP generator, so I'm going to make it, with my own algorithm, let's simply call it "open2fa key".
For this purpose I need:
- A small microcontroller with basic hashing capabilities
- A display
- A Wifi controller to pair token seeds and do ntp sync
- A micro switch to turn on the open2fa key
- A RTC*
The display I'm going to use may be the following:
http://www.buydisplay.com/default/0-91- ... e-on-black
cause it's very small, and I love the format: I want, in the end, to make something that can be attached to my keychain. My inspiration for the design comes from the well-known "RSA SecureID" OTP generator.
My questions are the following, and they're mainly hardware related:
Is the ESP01 suitable for this purpose? I've seen the pinout and if I'm not wrong, I can configure the GPIO as i2C (sorry if I've misunderstood how the thing works, I repeat what I wrote in the subject: total novice here) to feed the display: https://www.letscontrolit.com/forum/viewtopic.php?t=293
In this scenario, with the current algorithm (where timestamp have weight) I need to connect the ESP to a wifi to sync the timestamp, everytime, cause it's off for most of the time.
I can also code a small android app for this purpose, but I actually dislike this design: to "compete" with something like an RSA SecureID the token should be 100% stand-alone.
* Here comes an RTC.
The lifetime of RTCs is awesome, they last years with a small CR battery. What discouraged me is the cost. For a small i2c RTC I've seen only 15$ stuff (https://www.sparkfun.com/products/12708). Nope.
The second question is, so, are you aware of a very-very-cheap and small sized RTC out there?
I can think about a timestamp-less algo with deterministic generation of tokens from a shared seed and server-side error correction when the entities go unsynched (i.e., you generate tons of OTPs without using them), but looks like a messy patchwork, I would love to use the timestamp.
Finally, the power consumption.
With two paired CR batteries I can get up to 180mAh, and this table from espressif gives me hope:
Given the OTP is by design used for a very short time, looks like the whole thing can work, but what got my attention is the "deep sleep" mode. The third question is so about this mode. Can an ESP in deep-sleep mode be able to act as a RTC, once in sync ?
So, brainstorming is open, I hope this will drive me into something sensible, and a so github repo of the project will follow, thanks for your help