KBR1 + salted hashes

A nice addition would be the ability for a KBR (mk2?) to send a salted hash of your RFID UID. Windows 10 accepts alphanumeric PINs, so a HEX hash value should work and be more secure than the plain-text UID of your xEM alone. Thoughts?

This is an interesting idea, but what are you protecting against? Having a longer password is beneficial to avoid someone brute-forcing your Windows password, but the hash alone solves that. Salting is beneficial to protect data at rest, but in this case the KBR doesn’t store or validate passwords, it just aids in transit. If an eavesdropper listens between your chip and the KBR, you’re SOL, and if the eavesdropper listens between the KBR and Windows, you’re SOL, as having the hash alone is sufficient to get into Windows.

This said, I think the point of the KBR is convenience, not security. Ideally (imo) if you’re trying to maximize security instead of convenience, you could use your xEM reading as a second factor in addition to a traditional password you’d type. That would probably be a lot of work to set up as Windows is somewhat limited in what it will use as multifactor.
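
The trade-off discussed in this thread, as an added example that is not part of either post and is not KBR firmware: it derives the typed string as SHA-256 over salt plus UID and shows that the result is longer but still a static value the host accepts from any source. The 5-byte UID, the salt value and every function name are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the thread).
SAMPLE_UID = bytes.fromhex("0102030405")   # assumed 5-byte tag UID
DEVICE_SALT = b"constructed-reader-salt"   # assumed secret stored in the reader


def derive_pin(uid: bytes, salt: bytes) -> str:
    """Hex string the reader would type in place of the raw UID."""
    return hashlib.sha256(salt + uid).hexdigest()


def host_accepts(typed: str, enrolled: str) -> bool:
    """The host only compares the typed string with the enrolled PIN.
    It never sees the tag or the salt, so it cannot tell who typed it."""
    return hmac.compare_digest(typed.encode(), enrolled.encode())


def guess_space_bits(uid: bytes, salt_known: bool) -> int:
    """Bits a guesser at the login prompt has to cover.
    Salt unknown: the whole digest. Salt known: one PIN per candidate UID,
    so the space shrinks back to the UID space."""
    return len(uid) * 8 if salt_known else hashlib.sha256().digest_size * 8


def demo() -> dict:
    enrolled = derive_pin(SAMPLE_UID, DEVICE_SALT)
    first_scan = derive_pin(SAMPLE_UID, DEVICE_SALT)
    second_scan = derive_pin(SAMPLE_UID, DEVICE_SALT)
    # The string on the reader-to-host keyboard link is the credential itself.
    seen_on_keyboard_link = first_scan
    return {
        "raw_uid_chars": len(SAMPLE_UID.hex()),
        "pin_chars": len(enrolled),
        "same_every_scan": first_scan == second_scan,
        "accepted_without_tag": host_accepts(seen_on_keyboard_link, enrolled),
        "bits_salt_secret": guess_space_bits(SAMPLE_UID, salt_known=False),
        "bits_salt_known": guess_space_bits(SAMPLE_UID, salt_known=True),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The longer string helps only against guessing at the login prompt, and only while the reader's salt stays secret; the value is identical on every scan, so the transit exposure the reply describes is unchanged.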