Updated Alternative Passphrase Methods (markdown)
parent
dcfcda6e0f
commit
66941a60b6
|
@ -1,4 +1,4 @@
|
||||||
* New subpacket
|
## Tech
|
||||||
As a general mechanism, we can add a non-exportable direct key signature to any keyring which carries a "hint" to the key's passphrase in one of its subpackets. This way, we can store auxiliary semantics about a passphrase while retaining the design principle that all information stored in the database is contained entirely in the keyring blobs.
|
As a general mechanism, we can add a non-exportable direct key signature to any keyring which carries a "hint" to the key's passphrase in one of its subpackets. This way, we can store auxiliary semantics about a passphrase while retaining the design principle that all information stored in the database is contained entirely in the keyring blobs.
|
||||||
Exemplary types of such auxiliary information could be flags that the passphrase should be entered as a pin, lock pattern, or obtained via nfc.
|
Exemplary types of such auxiliary information could be flags that the passphrase should be entered as a pin, lock pattern, or obtained via nfc.
|
||||||
|
|
||||||
|
@ -13,6 +13,7 @@ As on private key export for a new extra long passphrase to protect against offl
|
||||||
|
|
||||||
## Attack model
|
## Attack model
|
||||||
| Attack | Passphrase | NFC | PIN | Lockpattern |
|
| Attack | Passphrase | NFC | PIN | Lockpattern |
|
||||||
|
|-------- |--- |--- |--- |--- |
|
||||||
| Offline brute force attacks | yes | yes | no | no |
|
| Offline brute force attacks | yes | yes | no | no |
|
||||||
| Lend smartphone to other guy | | | | |
|
| Lend smartphone to other guy | | | | |
|
||||||
| Shoulder surfing | no | yes | | |
|
| Shoulder surfing | no | yes | | |
|
Loading…
Reference in New Issue