About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

12 December 2012

Aladdin - Password on a USB Stick

When Alvin first showed me his prototype for Aladdin in London 2 months back; I was a bit sceptical - and asked the question everyone seems to be asking - what if you lose it? It is a good question - but that is not what Aladdin is trying to solve - it is trying to solve a bigger problem - trying to remember, ever increasing numbers, of complex set of random alpha-numeric characters we call passwords. It is a far cry from Ali Baba, when all that was needed is "Open Sesame" (which incidentally is quite a strong password). 

The genius in Aladdin is that it works on almost any device that recognises USB keyboards. It generates and stores a set of randomly generated alpha-numeric characters;  and combining the key with another key or some input of your own (effectively salting the password) makes it a very versatile device for managing passwords. 

I think it is a brilliant concept; and one worth supporting. In corporates I have had exposure to; password management is a significant cost in IT; and this is a very neat concept in managing passwords. The problem of losing the devices remain with two exploits that come to mind - using the key itself to access systems (which can be addressed through some salting techniques) or resetting the affected passwords themselves. But for the normal user, I think these threats are compensated by the benefits of having a simple way to have strong secure passwords.

I think it's a worthwhile project; and I hope it gets full funding. I have ordered mine :)

Project Link on indiegogo: http://www.indiegogo.com/aladdin-key


d3ad0ne said...

The idea is not unique, as the Yubikey can be used to do the same as the "Aladdin Key" and both are opensource products. The difference being the Yubikey can hold two unique passwords while the Aladdin key only supports one.

Anonymous said...

Same is going on @hak5.org - The USB Rubber Ducky project

alapan said...

I didn't know of Yubikey - and there is an interesting ecosystem out there. Certainly looks interesting!

And the USB Rubber Ducky project is a lot more than just a password store; so I hadn't really considered it.

Chief said...

Although the fact that YubiKey also types passwords, the biggest difference would be that Aladdin is fully open source and does not depend on an authentication server on the internet like YubiKey does. Aladdin also costs less and has a better case.

Obviously there are many different things that can do similar stuffs.