|
Rockbox mail archiveSubject: Re: Strong CryptographyRe: Strong Cryptography
From: Joshua Simmons <mud_at_majidejima.com>
Date: Tue, 20 Nov 2007 18:26:41 -0500 On 11/20/07, RaeNye <raenye_at_netvision.net.il> wrote: > > > The first application I had in mind was for a password generator and > storage plugin [...] > > And how would you like to *enter* your master password? > You don't really want the on-screen keyboard for that (wouldn't want to > reveal the password by displaying it). > > Possibly you could use gestures: the password is: > left-down-left-right-up-left-down; > The downside of this is that a very long sequence is required for adequate > security (~20 gestures are equivalent in strength to a 6 characters > password). Yes, I have considered gestures and they might be possible (I've done some tests of remembering them and it is not too difficult for me to remember a 30 "gesture" password, and I think I could go higher too). By simplistic estimate, 30 "gestures" on my e200 (around 8 keys available for gestures), would yield ~90 bits of entropy, assuming equal probability of all keys. Also I think I will implement other keyboards for quick entry, I've been considering a "spinner" type letter entry system, similar to what you'd see on high score lists for arcade games, if that makes sense. I think that might be quick and easy. But to begin with, I'm sure I'd use the traditional keyboard as it's already implemented, and it's not /fatally/ flawed really (any keyboard entry system is going to need you to have some privacy or someone can read your password by watching you). The default keyboard may also be easily modifiable to display asterisks instead of the password itself. And finally, at some point I read something about rockbox having a morse code input system, that might be useful to those people who know morse code (either finding out how to set it up if it's implemented, or implement it myself). My design goal would be to give the user many choices for password input and let them choose whatever is easiest for them (with a guide to the relative strengths of passwords of each type). > DAPs seem to be to be prime candidates for encryption technology, since > their only real > > downfall as sensitive-information-storage devices is their tendency to > disappear into someone > > else's hands. > > A /major/ weakness IMHO. Yes, but one that I feel can be mitigated well by liberal use of cryptography. You'll still need backups, but at least nobody will have all of your passwords/data (as long as the crypto is well implemented of course). -mud Received on 2007-11-21 Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy |