Updated Backups (markdown)
parent
b011b49e14
commit
f35b0ba0a0
23
Backups.md
23
Backups.md
|
@ -4,4 +4,25 @@ In OpenKeychain, backups are encrypted using:
|
|||
* Possible combinations are: 26^24 = 2^112.8
|
||||
* The backup file is ASCII armored and a special header is added: ``BackupVersion: 1``
|
||||
* OpenKeychain detects the header and shows an improved UI for input of the Backup Code
|
||||
* The header does not automate anything, it poses no additional security threat.
|
||||
* The header does not automate anything, it poses no additional security threat.
|
||||
|
||||
# Version: 2?
|
||||
|
||||
This is work in progress...
|
||||
|
||||
* change to chunking of 4 characters
|
||||
|
||||
|
||||
## Design decisions
|
||||
|
||||
* Using only upper case letters, no lower case letters and no numbers
|
||||
* Using lower case and upper case makes it much more difficult to recall the characters from short term memory. Consider someone reading them aloud, it is required to say for every letter if it's upper or lower case. Memorizing things in short term memory works similar to reading something aloud, which makes the mixed upper/lower case backup codes double as difficult to remember than only one case backup codes.
|
||||
* Numbers would increase the alphabet by only 10 characters, the length of the backup code would be only 2 characters shorter to achieve the same security.
|
||||
* If numbers would be included, we should use lowercase to allow better differentiation between lower and upper case. Because we don't include them we could stay with uppercase letters.
|
||||
* Possible combinations are: 26^24 = 2^112.8
|
||||
* Dividing into 4-character chunks
|
||||
* 1986, Richard Schweickert, Brian Boruff: Short-Term Memory Capacity: Magic Number or Magic Spell?
|
||||
* 1994, George A. Miller: The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information
|
||||
* [2000, Nelson Cowan: The magical number 4 in short-term memory: A reconsideration of mental storage capacity](http://journals.cambridge.org/article_S0140525X01373922)
|
||||
* [On the Memorability of System-generated PINs: Can Chunking Help?](http://lersse-dl.ece.ubc.ca/record/304/files/soups2015-final110.pdf)
|
||||
|
||||
|
|
Loading…
Reference in New Issue