Created Alternative Passphrase Methods (markdown)
dschuermann
parent
ca05b6ae61
commit
dcfcda6e0f
|
|
@ -0,0 +1,18 @@
|
||||||
|
* New subpacket
|
||||||
|
As a general mechanism, we can add a non-exportable direct key signature to any keyring which carries a "hint" to the key's passphrase in one of its subpackets. This way, we can store auxiliary semantics about a passphrase while retaining the design principle that all information stored in the database is contained entirely in the keyring blobs.
|
||||||
|
Exemplary types of such auxiliary information could be flags that the passphrase should be entered as a pin, lock pattern, or obtained via nfc.
|
||||||
|
|
||||||
|
### NFC
|
||||||
|
|
||||||
|
### Lockpattern
|
||||||
|
|
||||||
|
### PIN
|
||||||
|
|
||||||
|
## Export
|
||||||
|
As on private key export for a new extra long passphrase to protect against offline attacks!
|
||||||
|
|
||||||
|
## Attack model
|
||||||
|
| Attack | Passphrase | NFC | PIN | Lockpattern |
|
||||||
|
| Offline brute force attacks | yes | yes | no | no |
|
||||||
|
| Lend smartphone to other guy | | | | |
|
||||||
|
| Shoulder surfing | no | yes | | |
|
||||||
Loading…
Reference in New Issue