dkelly/pynkode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move tabletop-discussion.md

Browse Source
This commit is contained in:
Donovan
2025-03-30 04:44:35 -05:00
parent 8728bef61a
commit 021e468494
2 changed files with 63 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
tabletop-discussion.md → docs/tabletop-discussion.md
View File

@@ -2,13 +2,13 @@
## Documentation and Tutorials ## Documentation and Tutorials
1. [Enrollment](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/enrollment_diagram.md) 1. [Enrollment](enrollment_diagram.md)
2. [Login](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/login_diagram.md) 2. [Login](login_diagram.md)
3. [Cipher and Renew](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/encipher_decipher_renew_nkode.md) 3. [Cipher and Renew](encipher_decipher_renew_nkode.md)
4. [nKode API Tutorial 1](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Simplified.ipynb) 4. [nKode API Tutorial 1](../notebooks/Enrollment_Login_Renewal_Simplified.ipynb)
5. [nKode API Tutorial 2](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Detailed.ipynb) 5. [nKode API Tutorial 2](../notebooks/Enrollment_Login_Renewal_Detailed.ipynb)
6. [Dispersion Tutorial](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Dispersion.ipynb) 6. [Dispersion Tutorial](../notebooks/Dispersion.ipynb)
7. [Split Shuffle](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Split_Shuffle.ipynb) 7. [Split Shuffle](../notebooks/Split_Shuffle.ipynb)
## Discussion Topics ## Discussion Topics
### nKode Length ### nKode Length
@@ -38,36 +38,33 @@
| *APT | *Don't wait for garbage collector, manage timeouts | | *APT | *Don't wait for garbage collector, manage timeouts |
| Phishing | Dispersion Resistant Keypad, nKode policy, passkey protected keypad icons | | Phishing | Dispersion Resistant Keypad, nKode policy, passkey protected keypad icons |
| *MiTM | TLS, *TOTP shuffle, *DARC | | *MiTM | TLS, *TOTP shuffle, *DARC |
*not implemented yet/needs another look *not implemented yet/needs another look
#### asks for Dr. Kandah #### asks for Dr. Kandah
- Evil nKode screen watching/key replay - Evil nKode screen watching/key replay
- Can we rig the shuffle in our favor? How long do we need to cache? - Given a particular policy and keypad size:
- shoulder surfing - what is the probability of a key replay?
- Keylogger resistance - what trade-offs are made between key replay and cracking an nkode?
- split shuffle is unbiased - Is the split shuffle unbiased?
- Can we rig the shuffle in our favor with keypad caching or other techniques?
- Dispersion Attack/Phishing attack - Dispersion Attack/Phishing attack
- CAC/passkey protection for server stored icons
- is the dispersion algorithm unbiased? - is the dispersion algorithm unbiased?
- Develop a modified dispersion algorithm to phish a dispersion resistant keypad
- validate the cipher - validate the cipher
- validate the server-side values - validate the server-side values
- validate the relationship between the mask and the hash - validate the relationship between the mask and the hash
- validate the renewal - validate the renewal
- are these processes secure? - are these processes/algorithms secure?
- Minium amount of encryption needed - What is the minimum amount of encryption needed to secure user's nkodes against a full/partial database exfiltration
- Least encryption:brute force crack with plain text database breach - How long will it take to brute force a hash with a full plain text breach of the database and what's gained?
- Most encryption: everything is encrypted - How often do nkode icons need to be changed to maintain security if at all?
- Is there an secure inbetween? what stays plain text what gets encrypted with HSM? - if it does need to be changed can we start with 4 icons and add icons over time then roll the icons (drop the first icons and append a new one) after reaching a max size?
- How long does it take to brute-force with plain and what's gained?
- how often do nkode icons need to be changed to maintain security if at all?
- if it does need to be changed can we roll the icons? can we start with 4 icons and add icons over time?
- Low-bandwidth: how low can we go? - Low-bandwidth: how low can we go?
- TCP vs UDP - TCP vs UDP
- Security of RX/TX without tls/encrypted channel - Security of RX/TX without tls/encrypted channel
- Hypothetical: Break the cipher keys onto different machines in different locations? - Hypothetical: What security gains are made if we split the cipher keys into multiple parts and put them on different machines in many locations?
- TOTP shuffle on client and server
Other stuff: Other stuff:
- unbiased icons/psychology - unbiased icons/psychology

81
notebooks/Enrollment_Login_Renewal_Simplified.ipynb
View File

@@ -19,12 +19,12 @@
"metadata": { "metadata": {
"collapsed": false, "collapsed": false,
"ExecuteTime": { "ExecuteTime": {
"end_time": "2025-03-27T19:17:34.809483Z", "end_time": "2025-03-28T15:06:18.878127Z",
"start_time": "2025-03-27T19:17:34.735988Z" "start_time": "2025-03-28T15:06:18.874618Z"
} }
}, },
"outputs": [], "outputs": [],
"execution_count": 1 "execution_count": 30
}, },
{ {
"metadata": {}, "metadata": {},
@@ -44,8 +44,8 @@
"policy = NKodePolicy(\n", "policy = NKodePolicy(\n",
" max_nkode_len=10,\n", " max_nkode_len=10,\n",
" min_nkode_len=4,\n", " min_nkode_len=4,\n",
" distinct_positions=0,\n", " distinct_positions=0, # complexity\n",
" distinct_properties=4,\n", " distinct_properties=4, # disparity\n",
")\n", ")\n",
"keypad_size = KeypadSize(\n", "keypad_size = KeypadSize(\n",
" numb_of_keys = 5,\n", " numb_of_keys = 5,\n",
@@ -57,12 +57,12 @@
"metadata": { "metadata": {
"collapsed": false, "collapsed": false,
"ExecuteTime": { "ExecuteTime": {
"end_time": "2025-03-27T19:17:34.878585Z", "end_time": "2025-03-28T15:06:18.896461Z",
"start_time": "2025-03-27T19:17:34.817604Z" "start_time": "2025-03-28T15:06:18.891125Z"
} }
}, },
"outputs": [], "outputs": [],
"execution_count": 2 "execution_count": 31
}, },
{ {
"metadata": {}, "metadata": {},
@@ -81,8 +81,8 @@
{ {
"metadata": { "metadata": {
"ExecuteTime": { "ExecuteTime": {
"end_time": "2025-03-27T19:17:34.918050Z", "end_time": "2025-03-28T15:06:18.914254Z",
"start_time": "2025-03-27T19:17:34.914192Z" "start_time": "2025-03-28T15:06:18.911798Z"
} }
}, },
"cell_type": "code", "cell_type": "code",
@@ -91,7 +91,7 @@
"signup_session_id, set_keypad = api.generate_signup_keypad(customer_id, username)" "signup_session_id, set_keypad = api.generate_signup_keypad(customer_id, username)"
], ],
"outputs": [], "outputs": [],
"execution_count": 3 "execution_count": 32
}, },
{ {
"metadata": {}, "metadata": {},
@@ -104,8 +104,8 @@
{ {
"metadata": { "metadata": {
"ExecuteTime": { "ExecuteTime": {
"end_time": "2025-03-27T19:17:34.928470Z", "end_time": "2025-03-28T15:06:18.931791Z",
"start_time": "2025-03-27T19:17:34.926257Z" "start_time": "2025-03-28T15:06:18.929028Z"
} }
}, },
"cell_type": "code", "cell_type": "code",
@@ -115,7 +115,7 @@
"selected_keys_set = select_keys_with_passcode_values(passcode_property_indices, set_keypad, keypad_size.numb_of_keys)" "selected_keys_set = select_keys_with_passcode_values(passcode_property_indices, set_keypad, keypad_size.numb_of_keys)"
], ],
"outputs": [], "outputs": [],
"execution_count": 4 "execution_count": 33
}, },
{ {
"metadata": {}, "metadata": {},
@@ -128,31 +128,19 @@
{ {
"metadata": { "metadata": {
"ExecuteTime": { "ExecuteTime": {
"end_time": "2025-03-27T19:17:35.223175Z", "end_time": "2025-03-28T15:06:19.247638Z",
"start_time": "2025-03-27T19:17:34.978825Z" "start_time": "2025-03-28T15:06:18.938601Z"
} }
}, },
"cell_type": "code", "cell_type": "code",
"source": [ "source": [
"confirm_keypad = api.set_nkode(username, customer_id, selected_keys_set, signup_session_id)\n", "confirm_keypad = api.set_nkode(customer_id, selected_keys_set, signup_session_id)\n",
"selected_keys_confirm = select_keys_with_passcode_values(passcode_property_indices, confirm_keypad, keypad_size.numb_of_keys)\n", "selected_keys_confirm = select_keys_with_passcode_values(passcode_property_indices, confirm_keypad, keypad_size.numb_of_keys)\n",
"success = api.confirm_nkode(username, customer_id, selected_keys_confirm, signup_session_id)\n", "success = api.confirm_nkode(customer_id, selected_keys_confirm, signup_session_id)\n",
"assert success" "assert success"
], ],
"outputs": [ "outputs": [],
{ "execution_count": 34
"ename": "TypeError",
"evalue": "NKodeAPI.set_nkode() takes 4 positional arguments but 5 were given",
"output_type": "error",
"traceback": [
"\u001B[0;31m---------------------------------------------------------------------------\u001B[0m",
"\u001B[0;31mTypeError\u001B[0m Traceback (most recent call last)",
"Cell \u001B[0;32mIn[5], line 1\u001B[0m\n\u001B[0;32m----> 1\u001B[0m confirm_keypad \u001B[38;5;241m=\u001B[39m \u001B[43mapi\u001B[49m\u001B[38;5;241;43m.\u001B[39;49m\u001B[43mset_nkode\u001B[49m\u001B[43m(\u001B[49m\u001B[43musername\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43mcustomer_id\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43mselected_keys_set\u001B[49m\u001B[43m,\u001B[49m\u001B[43m \u001B[49m\u001B[43msignup_session_id\u001B[49m\u001B[43m)\u001B[49m\n\u001B[1;32m 2\u001B[0m selected_keys_confirm \u001B[38;5;241m=\u001B[39m select_keys_with_passcode_values(passcode_property_indices, confirm_keypad, keypad_size\u001B[38;5;241m.\u001B[39mnumb_of_keys)\n\u001B[1;32m 3\u001B[0m success \u001B[38;5;241m=\u001B[39m api\u001B[38;5;241m.\u001B[39mconfirm_nkode(username, customer_id, selected_keys_confirm, signup_session_id)\n",
"\u001B[0;31mTypeError\u001B[0m: NKodeAPI.set_nkode() takes 4 positional arguments but 5 were given"
]
}
],
"execution_count": 5
}, },
{ {
"metadata": {}, "metadata": {},
@@ -166,8 +154,8 @@
{ {
"metadata": { "metadata": {
"ExecuteTime": { "ExecuteTime": {
"end_time": "2025-03-27T19:17:35.258024Z", "end_time": "2025-03-28T15:06:19.559753Z",
"start_time": "2025-03-24T20:25:00.973454Z" "start_time": "2025-03-28T15:06:19.254675Z"
} }
}, },
"cell_type": "code", "cell_type": "code",
@@ -178,7 +166,7 @@
"assert success" "assert success"
], ],
"outputs": [], "outputs": [],
"execution_count": 13 "execution_count": 35
}, },
{ {
"metadata": {}, "metadata": {},
@@ -194,8 +182,8 @@
{ {
"metadata": { "metadata": {
"ExecuteTime": { "ExecuteTime": {
"end_time": "2025-03-27T19:17:35.259102Z", "end_time": "2025-03-28T15:06:20.181548Z",
"start_time": "2025-03-24T20:25:01.209950Z" "start_time": "2025-03-28T15:06:19.568067Z"
} }
}, },
"cell_type": "code", "cell_type": "code",
@@ -207,7 +195,24 @@
"assert success" "assert success"
], ],
"outputs": [], "outputs": [],
"execution_count": 14 "execution_count": 36
},
{
"metadata": {
"ExecuteTime": {
"end_time": "2025-03-28T15:06:20.500050Z",
"start_time": "2025-03-28T15:06:20.194912Z"
}
},
"cell_type": "code",
"source": [
"login_keypad = api.get_login_keypad(username, customer_id)\n",
"selected_keys_login = select_keys_with_passcode_values(passcode_property_indices, login_keypad, keypad_size.props_per_key)\n",
"success = api.login(customer_id, username, selected_keys_login)\n",
"assert success"
],
"outputs": [],
"execution_count": 37
} }
], ],
"metadata": { "metadata": {