From 387b048d871750230dbb5f6b875d1eeba3763f05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Thu, 7 Jan 2016 16:31:38 +0100 Subject: [PATCH] Updated Backups (markdown) --- Backups.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/Backups.md b/Backups.md index 39e4106..deb3482 100644 --- a/Backups.md +++ b/Backups.md @@ -31,8 +31,6 @@ This is work in progress... * Security level: Possible combinations are 34^24 = 2^122.10. This is enough to be protected against offline brute force attacks. You can get a rough estimate using https://www.grc.com/haystack.htm . * Using only upper case letters, no lower case letters and no numbers * Using mixed upper and lower case makes it much more difficult to recall the characters from short term memory. Consider someone reading them aloud, it is required to say for every letter if it's upper or lower case. Memorizing things in short term memory works similar to reading something aloud, which makes the mixed upper/lower case backup codes double as difficult to remember than upper-case-only backup codes. - * Numbers would increase the alphabet by only 10 characters, the length of the backup code would be only 2 characters shorter to achieve the same security. - * If numbers would be included, we should use lowercase to allow better differentiation between lower and upper case. Because we don't include them we could stay with uppercase letters. * They look like serial numbers, like they were used for Windows, when using upper case only. Many people know serial numbers and are thus comfortable with using these. * Dividing into 4-character chunks * The following studies are great background, why chunking into 4 characters makes most sense, especially the last publication:
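Review bot: The parent bullet kept as context, "Using only upper case letters, no lower case letters and no numbers", still says digits are excluded, while the security-level line above it computes 34^24 = 2^122.10, which requires a 34-symbol alphabet; 26 upper-case letters alone would give 26^24, roughly 2^112.8. Removing the two sub-bullets about numbers drops the only stated rationale for the digit decision without resolving that mismatch. Suggest either rewording the parent bullet to name the actual 34-character alphabet or correcting the combination count, and saying in the commit message ("Updated Backups (markdown)") why the two bullets were removed.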