update dispersion attack; add tabletop-discussion.md
22
docs/templates/dispersion_attack.template.md
vendored
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
# Dispersion Attack
|
||||||
|
|
||||||
|
```mermaid
|
||||||
|
sequenceDiagram
|
||||||
|
participant User
|
||||||
|
participant Threat Actor
|
||||||
|
participant nKode Server
|
||||||
|
Threat Actor ->> Threat Actor: Get User's email/keypad icons
|
||||||
|
Threat Actor ->> User: Send Phishing Email
|
||||||
|
Note left of User: Recieves Email:<br/>Subject: Urgent<br/>Body: Click the link to verify your account https://www.nkod3.tech
|
||||||
|
User ->> Threat Actor: Clicks link
|
||||||
|
Threat Actor -->> User: Fake nKode Login Page
|
||||||
|
Note left of User: Login Page<br/>{{nkode_keypad1}}
|
||||||
|
User ->>+ Threat Actor: key selection {{key_selection1}}
|
||||||
|
Threat Actor ->> Threat Actor: Disperse Keypad
|
||||||
|
Threat Actor -->>- User: Invalid nKode Try Again
|
||||||
|
Note left of User: Login Page<br/>{{nkode_keypad2}}
|
||||||
|
User ->> Threat Actor: key selection {{key_selection2}}
|
||||||
|
Threat Actor ->> Threat Actor: Deduce the user's nKode
|
||||||
|
Threat Actor ->> nKode Server: {{user_passcode}}
|
||||||
|
nKode Server -->> Threat Actor: Success
|
||||||
|
```
|
||||||
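Review bot: In the `Note left of User` line for the phishing email, "Recieves Email" should read "Receives Email", and the sample link `https://www.nkod3.tech` is a registrable domain; a lookalike name under a reserved TLD such as `.example` keeps the documentation from pointing readers at a host someone else could control. The placeholders `{{nkode_keypad1}}`, `{{key_selection1}}`, `{{nkode_keypad2}}`, `{{key_selection2}}` and `{{user_passcode}}` are also undocumented: a short comment at the top of the template listing each variable and the value it is expected to hold would let a reader render the diagram without guessing.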
29
tabletop-discussion.md
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
# Table-top discussion
|
||||||
|
|
||||||
|
|
||||||
|
## Documentation and Tutorials
|
||||||
|
1. [Enrollment](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/enrollment_diagram.md)
|
||||||
|
2. [Login](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/login_diagram.md)
|
||||||
|
3. [Cipher and Renew](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/encipher_decipher_renew_nkode.md)
|
||||||
|
4. [nKode API Tutorial 1](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Simplified.ipynb)
|
||||||
|
5. [nKode API Tutorial 2](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Detailed.ipynb)
|
||||||
|
6. [Dispersion Tutorial](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Dispersion.ipynb)
|
||||||
|
7. [Split Shuffle](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Split_Shuffle.ipynb)
|
||||||
|
|
||||||
|
## Discussion Topics
|
||||||
|
### nKode Length
|
||||||
|
[Memorized Secret](https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret) `Memorized secrets SHALL be at least 8 characters in length if chosen by the subscriber. Memorized secrets chosen randomly by the CSP or verifier SHALL be at least 6 characters in length and MAY be entirely numeric.`
|
||||||
|
- The minimum entropy for a randomly chosen memorized secret is approximately 20 bits.
|
||||||
|
- A keypad with 6 keys, each having 9 properties, exceeds this requirement with a minimum 4-character nKode, providing approximately 23 bits of entropy.
|
||||||
|
|
||||||
|
### nKode Observation
|
||||||
|
- Cracking an nKode [Evil nKode](https://git.infra.nkode.tech/dkelly/evilkode)
|
||||||
|
- Replay Attack
|
||||||
|
|
||||||
|
### Dispersion Attack
|
||||||
|
|
||||||
|
### nKode Over low-bandwidth
|
||||||
|
|
||||||
|
### nKode Over Unencrypted Channel
|
||||||
|
- TOTP
|
||||||
|
- DARC
|
||||||
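Review bot: The "### Dispersion Attack" and "### nKode Over low-bandwidth" headings have no body, so the tabletop has nothing to work from under them; add at least one prompt under each, and for Dispersion Attack link the diagram rendered from `docs/templates/dispersion_attack.template.md`, which this same commit adds. Under "### nKode Length", the 20-bit and 23-bit figures are given without their arithmetic; if they come from 10^6 for a six-digit random secret and (6 × 9)^4 for a 4-character nKode, say so, so the reader can see what is being counted. The NIST quotation would also read better as a blockquote than as inline code.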