Updated Backups (markdown)

Dominik Schürmann 2016-01-06 13:08:34 +01:00
parent 2aa0e59c51
commit 894d64dd7b
1 changed files with 1 additions and 1 deletions

@ -16,7 +16,7 @@ Example: ``TWNK-KDEY-MTWT-EVGS-DRDB-KVTW``
## Design decisions
* A backup code is generated from secure random and then used directly for encrypting an OpenPGP message (more precisely: It is used for the [Symmetric-Key Encrypted Session Key Packet](http://tools.ietf.org/html/rfc4880#section-5.3)). The whole backup code, e.g., ``TWNK-KDEY-MTWT-EVGS-DRDB-KVTW`` (including the dashes -> 29 characters long), is used as a symmetric-key. Dashes are included to ease decryption using OpenPGP implementations that don't offer special dialogs for entering backup codes and only support single text fields for entering passwords.
* A backup consists of 24 upper case characters from the alphabet. It is generated from secure random and then used directly for encrypting an OpenPGP message (more precisely: It is used for the [Symmetric-Key Encrypted Session Key Packet](http://tools.ietf.org/html/rfc4880#section-5.3)). The whole backup code, e.g., ``TWNK-KDEY-MTWT-EVGS-DRDB-KVTW`` (including the dashes -> 29 characters long), is used as a symmetric-key. Dashes are included to ease decryption using OpenPGP implementations that don't offer special dialogs for entering backup codes and only support single text fields for entering passwords.
* Security level: Possible combinations are 26^24 = 2^112.8. This is enough to be protected against offline brute force attacks.
* The encryption algorithm is one of the standardized OpenPGP symmetric algorithms (in case of OpenKeychain: AES-256)
* Using only upper case letters, no lower case letters and no numbers
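
Review bot: in the added first bullet, "A backup consists of 24 upper case characters from the alphabet" drops the word "code" and leaves the alphabet unnamed; suggest "A backup code consists of 24 upper case letters (A-Z)", which also matches the 26^24 figure in the security-level bullet. The same bullet still says the 29-character string is "used as a symmetric-key", while the linked Symmetric-Key Encrypted Session Key Packet takes it as a passphrase, so "used as the passphrase" would be more precise. It may also be worth stating that each letter is drawn uniformly, since 2^112.8 holds only under that assumption and the fixed dashes add nothing to it.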