



Working on a passwordless fingerprint unlocker thingy
uses an ESP32S3 (Seeeduino XIAO) in HID to type your password followed by enter
It's kinda secure, with the main caveat of UART spoofing (since all fingerprint verification happens in the sensor, and not the microcontroller) [edit: want to clarify that this is NOT for secure environments, anyone with access to both the device and the computer can in theory uart spoof the ESP into sending a legitimate request and getting the password since the fingerprint sensor communicates over uart. An attacker with access to just the device, cant get the password, since it is not stored anywhere on the ESP]
The password is not stored on the device, it opens both HID and Serial with the laptop to request the password encrypted with it's public key and then types it over HID, and then zero's out its memory so the password decrypted is only present for a few milliseconds.
The only method that an attacker can get your password is having access to both your laptop and the device at the same time, in which case they can spoof the UART of the fingerprint sensor (preventable kinda with black epoxy, depending on how hungry the attacker is)
Also using Flash Encryption and Secure Boot so the keys cannot be extracted via flash dumping.
Planning to make an BLE version so it can be fully wireless.
tinytouch.zimengxiong.com (open source, not very polished)