Forget Passwords.Use JAR

11 points by moujan ↗ HN
JAR is getting rid of passwords. On every device. You can replace all of your passwords with this beautiful piece of hardware. JAR turns your finger into what is needed to access your private data, connect to friends and internal company networks or wire money.

JAR is the first biometric crypto-key for end customers: it turns your finger into what is needed to securely log in or register or access any kind of data (without letting any 3rd party access your fingerprint, ever). Its encryption is based on a 2048 Bit RSA-key pair, containing a public and a private key, where there private key is stored on a secured chip on the JAR, encrypted with your fingerprint.

The source code of the encompassing software solutions will be made open source, completely.

JAR (yourjar.de) is now on Kickstarter (https://www.kickstarter.com/projects/itisonyou/forget-passwords-use-jar). Every feedback or suggestions are highly appreciated!

4 comments

[ 2.6 ms ] story [ 21.3 ms ] thread
Clickable link - https://www.kickstarter.com/projects/itisonyou/forget-passwo...

Side note, this may have been better as "Show HN" link submission.

Thanks :)
Since it doesn't look like you have anything people can actually play with, it doesn't work well as a "Show HN".

Also: your submission is effectively penalized, because instead of just submitting the Kickstarter link, you submitted a text story.

In the kickstarter page, you say that "a private key is stored, which is encrypted using military-grade encryption methods with his fingerprint". How does this work? It seems to me that there is no way of encrypting data with a fingerprint (since it varies drastically depending on how it is placed on the scanner). So are you encrypting the RSA priv key with the fingerprint or just checking the fingerprint before using the key?

Also, how are you planning on getting websites to use jar for authentication?

Another question: "fully-encrypted cloud storage". But previously in the description you say "losing your JAR does not create a continuous lock-out for the user". How does this work?

How much storage is available on the jar?

Also, you say "The private key stored on your JAR is generated when setting JAR up for the first time, using your fingerprint as a random input". Do you have another source of entropy for the jar? Because a fingerprint does not have that much entropy (certainly not enough for a 2048 bit encryption key).