diff --git a/Google-Summer-of-Code-2015.md b/Google-Summer-of-Code-2015.md index b7785fb..351f69a 100644 --- a/Google-Summer-of-Code-2015.md +++ b/Google-Summer-of-Code-2015.md @@ -110,8 +110,17 @@ student will get yubikey. * make as operation ## Passphrase alternatives -* new lockpattern lib -* etc +**Brief explanation:** The private key material in secret keys is usually encrypted with a string-to-key algorithm, that is, a passphrase. This passphrase has to be entered before each crypto operation can be performed. Even though caching is possible, typing passphrases on a smartphone can be quite the nuisance especially for common operations like sending a signed email or reading an encrypted one. Mobile devices have touch screens, nfc readers, and several other methods of input not available on desktop computers, which allow for alternative methods of passphrase input like lock patterns or NFC tags. Those concepts have advantages in convenience over passphrases, but also implications on security and require some careful thought to provide good UX with minimal loss of security. + +**Expected results:** Planning and implementation of alternative methods for passphrase input + +**Knowledge Prerequisite:** Java programming + +**Skill level:** medium + +**Mentor:** Vincent Breitmoser + +**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) ## Key Deletion UX/Revocation **Brief explanation:** When deleting a key the user should be asked to revoke the key if it is a secret one instead of just deleting it. Deleting a secret key should be considered an expert option, the average user should not do. Furthermore, revocation certificates should be supported in general. As part of the key generation process and for revoking a key at a later point in time.