

Forget Passwords. Use JAR - moujan

JAR is getting rid of passwords. On every device. You can replace all of your passwords with this beautiful piece of hardware. JAR turns your finger into what is needed to access your private data, connect to friends and internal company networks or wire money.

JAR is the first biometric crypto-key for end customers: it turns your finger into what is needed to securely log in or register or access any kind of data (without letting any 3rd party access your fingerprint, ever). Its encryption is based on a 2048-bit RSA key pair, containing a public and a private key, where the private key is stored on a secured chip on the JAR, encrypted with your fingerprint.

The source code of the encompassing software solutions will be made open source, completely.

JAR (yourjar.de) is now on Kickstarter (https://www.kickstarter.com/projects/itisonyou/forget-passwords-use-jar). Any feedback or suggestions are highly appreciated!
======
teenageSec
In the Kickstarter page, you say that "a private key is stored, which is
encrypted using military-grade encryption methods with his fingerprint". How
does this work? It seems to me that there is no way of encrypting data with a
fingerprint (since it varies drastically depending on how it is placed on the
scanner). So are you encrypting the RSA priv key with the fingerprint or just
checking the fingerprint before using the key?

Also, how are you planning on getting websites to use jar for authentication?

Another question: "fully-encrypted cloud storage". But previously in the
description you say "losing your JAR does not create a continuous lock-out for
the user". How does this work?

How much storage is available on the jar?

Also, you say "The private key stored on your JAR is generated when setting
JAR up for the first time, using your fingerprint as a random input". Do you
have another source of entropy for the jar? Because a fingerprint does not
have that much entropy (certainly not enough for a 2048 bit encryption key).
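
The distinction asked about above (deriving the wrapping key from the fingerprint versus checking the fingerprint and then releasing a stored key), as an added example that is not part of the thread and not JAR's code. The 256-bit template, the five-bit noise model, the threshold of 40 and all function names are assumptions made for illustration.

```python
import hashlib

TEMPLATE_BITS = 256  # assumed size of a binarised fingerprint template


def make_template(label):
    """Constructed stand-in for a fingerprint feature vector (not real biometric data)."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest(), "big")


def rescan(template, noisy_bits):
    """Model a second placement of the same finger: a handful of bits flip."""
    for bit in noisy_bits:
        template ^= 1 << bit
    return template


def hamming(a, b):
    """Number of differing bits between two templates."""
    return bin(a ^ b).count("1")


def key_from_scan(scan, salt):
    """Option 1: feed the raw scan into a KDF and use the output as the wrapping key."""
    raw = scan.to_bytes(TEMPLATE_BITS // 8, "big")
    return hashlib.pbkdf2_hmac("sha256", raw, salt, 100_000)


def match_then_release(enrolled, scan, stored_key, max_distance=40):
    """Option 2: threshold comparison; the key is gated by the match, not derived from it."""
    return stored_key if hamming(enrolled, scan) <= max_distance else None


if __name__ == "__main__":
    salt = b"constructed-salt"
    enrolled = make_template("constructed finger A")
    second = rescan(enrolled, [3, 57, 101, 180, 222])
    other = make_template("constructed finger B")

    print("bits changed between scans:", hamming(enrolled, second))
    # A KDF amplifies any input difference, so the two scans give unrelated keys.
    print("same derived key:", key_from_scan(enrolled, salt) == key_from_scan(second, salt))
    # Fuzzy matching tolerates the noise, but then the protection is access control.
    print("same finger releases key:", match_then_release(enrolled, second, b"k") is not None)
    print("other finger releases key:", match_then_release(enrolled, other, b"k") is not None)
```

With option 2 the stored key's confidentiality rests on the chip enforcing the match, since nothing about the fingerprint is cryptographically bound to the key.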

------
citruspi
Clickable link - [https://www.kickstarter.com/projects/itisonyou/forget-passwo...](https://www.kickstarter.com/projects/itisonyou/forget-passwords-use-jar)

Side note, this may have been better as a "Show HN" link submission.

~~~
moujan
Thanks :)

~~~
tptacek
Since it doesn't look like you have anything people can actually play with, it
doesn't work well as a "Show HN".

Also: your submission is effectively penalized, because instead of just
submitting the Kickstarter link, you submitted a text story.

