dkelly/pynkode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move tabletop-discussion.md

Browse Source
This commit is contained in:
Donovan
2025-03-30 04:44:35 -05:00
parent 8728bef61a
commit 021e468494
2 changed files with 63 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
tabletop-discussion.md → docs/tabletop-discussion.md
View File

@@ -2,13 +2,13 @@
## Documentation and Tutorials
1. [Enrollment](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/enrollment_diagram.md)
2. [Login](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/login_diagram.md)
3. [Cipher and Renew](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/encipher_decipher_renew_nkode.md)
4. [nKode API Tutorial 1](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Simplified.ipynb)
5. [nKode API Tutorial 2](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Detailed.ipynb)
6. [Dispersion Tutorial](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Dispersion.ipynb)
7. [Split Shuffle](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Split_Shuffle.ipynb)
1. [Enrollment](enrollment_diagram.md)
2. [Login](login_diagram.md)
3. [Cipher and Renew](encipher_decipher_renew_nkode.md)
4. [nKode API Tutorial 1](../notebooks/Enrollment_Login_Renewal_Simplified.ipynb)
5. [nKode API Tutorial 2](../notebooks/Enrollment_Login_Renewal_Detailed.ipynb)
6. [Dispersion Tutorial](../notebooks/Dispersion.ipynb)
7. [Split Shuffle](../notebooks/Split_Shuffle.ipynb)
## Discussion Topics
### nKode Length
@@ -38,36 +38,33 @@
| *APT | *Don't wait for garbage collector, manage timeouts |
| Phishing | Dispersion Resistant Keypad, nKode policy, passkey protected keypad icons |
| *MiTM | TLS, *TOTP shuffle, *DARC |
*not implemented yet/needs another look
#### asks for Dr. Kandah
- Evil nKode screen watching/key replay
- Can we rig the shuffle in our favor? How long do we need to cache?
- shoulder surfing
- Keylogger resistance
- split shuffle is unbiased
- Given a particular policy and keypad size:
- what is the probability of a key replay?
- what trade-offs are made between key replay and cracking an nkode?
- Is the split shuffle unbiased?
- Can we rig the shuffle in our favor with keypad caching or other techniques?
- Dispersion Attack/Phishing attack
- CAC/passkey protection for server stored icons
- is the dispersion algorithm unbiased?
- Develop a modified dispersion algorithm to phish a dispersion resistant keypad
- validate the cipher
- validate the server-side values
- validate the relationship between the mask and the hash
- validate the renewal
- are these processes secure?
- Minium amount of encryption needed
- Least encryption:brute force crack with plain text database breach
- Most encryption: everything is encrypted
- Is there an secure inbetween? what stays plain text what gets encrypted with HSM?
- How long does it take to brute-force with plain and what's gained?
- how often do nkode icons need to be changed to maintain security if at all?
- if it does need to be changed can we roll the icons? can we start with 4 icons and add icons over time?
- are these processes/algorithms secure?
- What is the minimum amount of encryption needed to secure user's nkodes against a full/partial database exfiltration
- How long will it take to brute force a hash with a full plain text breach of the database and what's gained?
- How often do nkode icons need to be changed to maintain security if at all?
- if it does need to be changed can we start with 4 icons and add icons over time then roll the icons (drop the first icons and append a new one) after reaching a max size?
- Low-bandwidth: how low can we go?
- TCP vs UDP
- Security of RX/TX without tls/encrypted channel
- Hypothetical: Break the cipher keys onto different machines in different locations?
- TOTP shuffle on client and server
- Hypothetical: What security gains are made if we split the cipher keys into multiple parts and put them on different machines in many locations?
Other stuff:
- unbiased icons/psychology

81
notebooks/Enrollment_Login_Renewal_Simplified.ipynb
View File

@@ -19,12 +19,12 @@
"metadata": {
"collapsed": false,
"ExecuteTime": {
"end_time": "2025-03-27T19:17:34.809483Z",
"start_time": "2025-03-27T19:17:34.735988Z"
"end_time": "2025-03-28T15:06:18.878127Z",
"start_time": "2025-03-28T15:06:18.874618Z"
}
},
"outputs": [],
"execution_count": 1
"execution_count": 30
},
{
"metadata": {},
@@ -44,8 +44,8 @@
"policy = NKodePolicy(\n",
" max_nkode_len=10,\n",
" min_nkode_len=4,\n",
" distinct_positions=0,\n",
" distinct_properties=4,\n",
" distinct_positions=0, # complexity\n",
" distinct_properties=4, # disparity\n",
")\n",
"keypad_size = KeypadSize(\n",
" numb_of_keys = 5,\n",
@@ -57,12 +57,12 @@
"metadata": {
"collapsed": false,
"ExecuteTime": {
"end_time": "2025-03-27T19:17:34.878585Z",
"start_time": "2025-03-27T19:17:34.817604Z"
"end_time": "2025-03-28T15:06:18.896461Z",
"start_time": "2025-03-28T15:06:18.891125Z"
}
},
"outputs": [],
"execution_count": 2
"execution_count": 31
},
{
"metadata": {},
@@ -81,8 +81,8 @@
{
"metadata": {
"ExecuteTime": {
"end_time": "2025-03-27T19:17:34.918050Z",
"start_time": "2025-03-27T19:17:34.914192Z"
"end_time": "2025-03-28T15:06:18.914254Z",
"start_time": "2025-03-28T15:06:18.911798Z"
}
},
"cell_type": "code",
@@ -91,7 +91,7 @@
"signup_session_id, set_keypad = api.generate_signup_keypad(customer_id, username)"
],
"outputs": [],
"execution_count": 3
"execution_count": 32
},
{
"metadata": {},
@@ -104,8 +104,8 @@
{
"metadata": {
"ExecuteTime": {
"end_time": "2025-03-27T19:17:34.928470Z",
"start_time": "2025-03-27T19:17:34.926257Z"
"end_time": "2025-03-28T15:06:18.931791Z",
"start_time": "2025-03-28T15:06:18.929028Z"
}
},
"cell_type": "code",
@@ -115,7 +115,7 @@
"selected_keys_set = select_keys_with_passcode_values(passcode_property_indices, set_keypad, keypad_size.numb_of_keys)"
],
"outputs": [],
"execution_count": 4
"execution_count": 33
},
{
"metadata": {},
@@ -128,31 +128,19 @@
{
"metadata": {
"ExecuteTime": {
"end_time": "2025-03-27T19:17:35.223175Z",
"start_time": "2025-03-27T19:17:34.978825Z"
"end_time": "2025-03-28T15:06:19.247638Z",
"start_time": "2025-03-28T15:06:18.938601Z"
}
},
"cell_type": "code",
"source": [
"confirm_keypad = api.set_nkode(username, customer_id, selected_keys_set, signup_session_id)\n",
"confirm_keypad = api.set_nkode(customer_id, selected_keys_set, signup_session_id)\n",
"selected_keys_confirm = select_keys_with_passcode_values(passcode_property_indices, confirm_keypad, keypad_size.numb_of_keys)\n",
"success = api.confirm_nkode(username, customer_id, selected_keys_confirm, signup_session_id)\n",
"success = api.confirm_nkode(customer_id, selected_keys_confirm, signup_session_id)\n",
"assert success"
],
"outputs": [
{
"ename": "TypeError",
"evalue": "NKodeAPI.set_nkode() takes 4 positional arguments but 5 were given",
"output_type": "error",
"traceback": [
"\u001B[0;31m---------------------------------------------------------------------------\u001B[0m",
"\u001B[0;31mTypeError\u001B[0m Traceback (most recent call last)",
"Cell \u001B[0;32mIn[5], line 1\u001B[0m\n\u001B[0;32m----> 1\u001B[0m confirm_keypad \u001B[38;5;241m=\u001B[39m \u001B[43mapi\u001B[49m\u001B[38;5;241;43m.\u001B[39;49m\u001B[43mset_nkode\u001B[49m\u001B[43m(\u001B[49m\u001B[43musername\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43mcustomer_id\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43mselected_keys_set\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43msignup_session_id\u001B[49m\u001B[43m)\u001B[49m\n\u001B[1;32m 2\u001B[0m selected_keys_confirm \u001B[38;5;241m=\u001B[39m select_keys_with_passcode_values(passcode_property_indices, confirm_keypad, keypad_size\u001B[38;5;241m.\u001B[39mnumb_of_keys)\n\u001B[1;32m 3\u001B[0m success \u001B[38;5;241m=\u001B[39m api\u001B[38;5;241m.\u001B[39mconfirm_nkode(username, customer_id, selected_keys_confirm, signup_session_id)\n",
"\u001B[0;31mTypeError\u001B[0m: NKodeAPI.set_nkode() takes 4 positional arguments but 5 were given"
]
}
],
"execution_count": 5
"outputs": [],
"execution_count": 34
},
{
"metadata": {},
@@ -166,8 +154,8 @@
{
"metadata": {
"ExecuteTime": {
"end_time": "2025-03-27T19:17:35.258024Z",
"start_time": "2025-03-24T20:25:00.973454Z"
"end_time": "2025-03-28T15:06:19.559753Z",
"start_time": "2025-03-28T15:06:19.254675Z"
}
},
"cell_type": "code",
@@ -178,7 +166,7 @@
"assert success"
],
"outputs": [],
"execution_count": 13
"execution_count": 35
},
{
"metadata": {},
@@ -194,8 +182,8 @@
{
"metadata": {
"ExecuteTime": {
"end_time": "2025-03-27T19:17:35.259102Z",
"start_time": "2025-03-24T20:25:01.209950Z"
"end_time": "2025-03-28T15:06:20.181548Z",
"start_time": "2025-03-28T15:06:19.568067Z"
}
},
"cell_type": "code",
@@ -207,7 +195,24 @@
"assert success"
],
"outputs": [],
"execution_count": 14
"execution_count": 36
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2025-03-28T15:06:20.500050Z",
"start_time": "2025-03-28T15:06:20.194912Z"
}
},
"cell_type": "code",
"source": [
"login_keypad = api.get_login_keypad(username, customer_id)\n",
"selected_keys_login = select_keys_with_passcode_values(passcode_property_indices, login_keypad, keypad_size.props_per_key)\n",
"success = api.login(customer_id, username, selected_keys_login)\n",
"assert success"
],
"outputs": [],
"execution_count": 37
}
],
"metadata": {