Rockbox.org home
release
dev builds
extras
themes manual
wiki
device status forums
mailing lists
IRC bugs
patches
dev guide



Rockbox mail archive

Subject: Re: Strong Cryptography

Re: Strong Cryptography

From: Joshua Simmons <mud_at_majidejima.com>
Date: Tue, 20 Nov 2007 18:26:41 -0500

On 11/20/07, RaeNye <raenye_at_netvision.net.il> wrote:
>
> > The first application I had in mind was for a password generator and
> storage plugin [...]
>
> And how would you like to *enter* your master password?
> You don't really want the on-screen keyboard for that (wouldn't want to
> reveal the password by displaying it).
>
> Possibly you could use gestures: the password is:
> left-down-left-right-up-left-down;
> The downside of this is that a very long sequence is required for adequate
> security (~20 gestures are equivalent in strength to a 6 characters
> password).

Yes, I have considered gestures and they might be possible (I've done some
tests of remembering them and it is not too difficult for me to remember a
30 "gesture" password, and I think I could go higher too). By simplistic
estimate, 30 "gestures" on my e200 (around 8 keys available for gestures),
would yield ~90 bits of entropy, assuming equal probability of all keys.

Also I think I will implement other keyboards for quick entry, I've been
considering a "spinner" type letter entry system, similar to what you'd see
on high score lists for arcade games, if that makes sense. I think that
might be quick and easy. But to begin with, I'm sure I'd use the
traditional keyboard as it's already implemented, and it's not /fatally/
flawed really (any keyboard entry system is going to need you to have some
privacy or someone can read your password by watching you). The default
keyboard may also be easily modifiable to display asterisks instead of the
password itself.

And finally, at some point I read something about rockbox having a morse
code input system, that might be useful to those people who know morse code
(either finding out how to set it up if it's implemented, or implement it
myself).

My design goal would be to give the user many choices for password input and
let them choose whatever is easiest for them (with a guide to the relative
strengths of passwords of each type).

> DAPs seem to be to be prime candidates for encryption technology, since
> their only real
> > downfall as sensitive-information-storage devices is their tendency to
> disappear into someone
> > else's hands.
>
> A /major/ weakness IMHO.

Yes, but one that I feel can be mitigated well by liberal use of
cryptography. You'll still need backups, but at least nobody will have all
of your passwords/data (as long as the crypto is well implemented of
course).

-mud
Received on 2007-11-21


Page was last modified "Jan 10 2012" The Rockbox Crew
aaa