Created Alternative Passphrase Methods (markdown)
parent
ca05b6ae61
commit
dcfcda6e0f
|
@ -0,0 +1,18 @@
|
|||
* New subpacket
|
||||
As a general mechanism, we can add a non-exportable direct key signature to any keyring which carries a "hint" to the key's passphrase in one of its subpackets. This way, we can store auxiliary semantics about a passphrase while retaining the design principle that all information stored in the database is contained entirely in the keyring blobs.
|
||||
Exemplary types of such auxiliary information could be flags that the passphrase should be entered as a pin, lock pattern, or obtained via nfc.
|
||||
|
||||
### NFC
|
||||
|
||||
### Lockpattern
|
||||
|
||||
### PIN
|
||||
|
||||
## Export
|
||||
As on private key export for a new extra long passphrase to protect against offline attacks!
|
||||
|
||||
## Attack model
|
||||
| Attack | Passphrase | NFC | PIN | Lockpattern |
|
||||
| Offline brute force attacks | yes | yes | no | no |
|
||||
| Lend smartphone to other guy | | | | |
|
||||
| Shoulder surfing | no | yes | | |
|
Loading…
Reference in New Issue