From dcfcda6e0f1b3c7dcd260d70e6fab8e33b40c9ec Mon Sep 17 00:00:00 2001 From: dschuermann Date: Mon, 29 Dec 2014 11:45:08 -0800 Subject: [PATCH] Created Alternative Passphrase Methods (markdown) --- Alternative-Passphrase-Methods.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 Alternative-Passphrase-Methods.md diff --git a/Alternative-Passphrase-Methods.md b/Alternative-Passphrase-Methods.md new file mode 100644 index 0000000..6b1abc3 --- /dev/null +++ b/Alternative-Passphrase-Methods.md @@ -0,0 +1,18 @@ +* New subpacket +As a general mechanism, we can add a non-exportable direct key signature to any keyring which carries a "hint" to the key's passphrase in one of its subpackets. This way, we can store auxiliary semantics about a passphrase while retaining the design principle that all information stored in the database is contained entirely in the keyring blobs. +Exemplary types of such auxiliary information could be flags that the passphrase should be entered as a pin, lock pattern, or obtained via nfc. + +### NFC + +### Lockpattern + +### PIN + +## Export +As on private key export for a new extra long passphrase to protect against offline attacks! + +## Attack model +| Attack | Passphrase | NFC | PIN | Lockpattern | +| Offline brute force attacks | yes | yes | no | no | +| Lend smartphone to other guy | | | | | +| Shoulder surfing | no | yes | | | \ No newline at end of file
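Review bot: In the "## Attack model" table at the end of the hunk, nothing says whether "yes" means "protected against" or "vulnerable to". The "Lend smartphone to other guy" row and the PIN and Lockpattern cells of "Shoulder surfing" are also empty, so the comparison cannot yet be read as a security statement. Add a one-line legend above the table, fill the empty cells or mark them as open questions, and add the header separator row (`| --- | --- | --- | --- | --- |`) after the first table line so the table renders. In "## Export", the sentence "As on private key export for a new extra long passphrase..." looks like a typo for "Ask on...". Since the table lists PIN and Lockpattern as "no" for offline brute force, that section should state explicitly that an exported key is re-protected with the new passphrase. Smaller points: "* New subpacket" is a list item where the other sections use headings, the "###" subsections appear before any "##" parent, and the NFC, Lockpattern and PIN sections have no content.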