Updated Backups (markdown)

Dominik Schürmann 2016-02-10 17:28:30 +01:00
parent c4639e406a
commit a0a8a76e74
1 changed files with 11 additions and 14 deletions

@ -1,17 +1,3 @@
In OpenKeychain, backups are encrypted using:
* AES-256 (because this is default for all encrypted files in OpenKeychain)
* Passphrase is securely generated from random by OpenKeychain and based on 24 uppercase characters, separated with dashes into 4*6 character chunks. Thus, the passphrase is 27 characters long, example: ``ABCDEF-GHIJKL-MNOPQR-STUVWX``.
* Possible combinations are: 26^24 = 2^112.8
* The backup file is ASCII armored and a special header is added: ``BackupVersion: 1``
* OpenKeychain detects the header and shows an improved UI for input of the Backup Code
* The header does not automate anything, it poses no additional security threat.
# Version: 2
##Changelog
* change to 4 characters chunks instead of 6 character chunks
* include numbers
## Standard
1. All secret and public keys that should be included in the backup MUST be concatenated in their [transferable key format](http://tools.ietf.org/html/rfc4880#section-11.1).
2. A backup code is generated from secure random: The backup code consists of 24 upper case characters from the Latin alphabet and numbers without ``O`` and ``0`` (``123456789ABCDEFGHIJKLMNPQRSTUVWXYZ``) grouped into 4-character chunks, e.g., ``TWNK-KD5Y-MT3T-E1GS-DRDB-KVTW``. The characters MUST be generated from secure random, such as ``/dev/urandom``.
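Review bot: Step 2 under ``## Standard`` lists the 34-symbol alphabet but, unlike the version 1 text in this hunk (``26^24 = 2^112.8``), the visible lines give no combination count for version 2; stating 34^24 ≈ 2^122.1 next to the alphabet would keep the two versions comparable. The step should also require that each character is chosen uniformly from the 34 symbols, because 34 does not divide 256 and reducing ``/dev/urandom`` bytes modulo 34 would bias the code. The phrase "24 upper case characters from the Latin alphabet and numbers" reads as 24 letters plus separate numbers; "24 characters drawn from the uppercase Latin letters and digits, excluding ``O`` and ``0``" is unambiguous, and the secure-random requirement then only needs to be stated once.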
@ -41,3 +27,14 @@ In OpenKeychain, backups are encrypted using:
* I haven't found studies targetting this special use case in computer science, but some target similar ones, but only considering long term memory:
* [2015, Jun Ho Huh et al.: On the Memorability of System-generated PINs: Can Chunking Help?](http://lersse-dl.ece.ubc.ca/record/304/files/soups2015-final110.pdf)
* [2006, Deborah S. Carstens, Linda C. Malone, Pamela McCauley-Bell: Applying Chunking Theory in Organizational Password Guidelines](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.97.2782&rep=rep1&type=pdf)
## Diff to Version 1
* Change to 4 characters chunks instead of 6 character chunks
* Include numbers
## Deprecated Version 1
* AES-256 (because this is default for all encrypted files in OpenKeychain)
* Passphrase is securely generated from random by OpenKeychain and based on 24 uppercase characters, separated with dashes into 4*6 character chunks. Thus, the passphrase is 27 characters long, example: ``ABCDEF-GHIJKL-MNOPQR-STUVWX``.
* Possible combinations are: 26^24 = 2^112.8
* The backup file is ASCII armored and a special header is added: ``BackupVersion: 1``
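Review bot: Under ``## Deprecated Version 1`` the list opens directly with ``AES-256 (because ...)``, without the lead-in the old text had (``In OpenKeychain, backups are encrypted using:``), so the bullets no longer say what they describe; a one-line introduction under the heading would fix that. In ``## Diff to Version 1``, "Include numbers" omits that ``O`` and ``0`` are excluded, which is what actually defines the alphabet in step 2, and "4 characters chunks" should read "4-character chunks". The version 1 section names its header value (``BackupVersion: 1``), but the visible lines never state the value written for version 2; it is worth documenting beside the standard so importers can tell the two formats apart.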