update dipersion attack; add tabletop-discussion.md

2025-03-27 10:38:14 -05:00
parent daed7fad6f
commit 843563fb0c
2 changed files with 51 additions and 0 deletions
--- a/docs/templates/dispersion_attack.template.md
+++ b/docs/templates/dispersion_attack.template.md
@@ -0,0 +1,22 @@
+# Dispersion Attack
+
+```mermaid
+sequenceDiagram
+    participant User
+    participant Threat Actor
+    participant nKode Server
+    Threat Actor ->> Threat Actor: Get User's email/keypad icons
+    Threat Actor ->> User: Send Phishing Email
+    Note left of User: Recieves Email:<br/>Subject: Urgent<br/>Body: Click the link to verify your account https://www.nkod3.tech
+    User ->> Threat Actor: Clicks link
+    Threat Actor -->> User: Fake nKode Login Page
+    Note left of User: Login Page<br/>{{nkode_keypad1}}
+    User ->>+ Threat Actor: key selection {{key_selection1}} 
+    Threat Actor ->> Threat Actor: Disperse Keypad 
+    Threat Actor -->>- User: Invalid nKode Try Again
+    Note left of User: Login Page<br/>{{nkode_keypad2}}
+    User ->> Threat Actor: key selection {{key_selection2}} 
+    Threat Actor ->> Threat Actor: Deduce the user's nKode 
+    Threat Actor ->> nKode Server: {{user_passcode}}
+    nKode Server -->> Threat Actor: Success 
+```
--- a/tabletop-discussion.md
+++ b/tabletop-discussion.md
@@ -0,0 +1,29 @@
+# Table-top discussion
+
+
+## Documentation and Tutorials
+1. [Enrollment](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/enrollment_diagram.md)
+2. [Login](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/login_diagram.md)
+3. [Cipher and Renew](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/docs/encipher_decipher_renew_nkode.md)
+4. [nKode API Tutorial 1](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Simplified.ipynb)
+5. [nKode API Tutorial 2](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Enrollment_Login_Renewal_Detailed.ipynb)
+6. [Dispersion Tutorial](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Dispersion.ipynb)
+7. [Split Shuffle](https://git.infra.nkode.tech/dkelly/pynkode/src/branch/main/notebooks/Split_Shuffle.ipynb)
+
+## Discussion Topics
+### nKode Length
+[Memorized Secret](https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret) `Memorized secrets SHALL be at least 8 characters in length if chosen by the subscriber. Memorized secrets chosen randomly by the CSP or verifier SHALL be at least 6 characters in length and MAY be entirely numeric.`
+- The minimum entropy for a randomly chosen memorized secret is approximately 20 bits.
+- A keypad with 6 keys, each having 9 properties, exceeds this requirement with a minimum 4-character nKode, providing approximately 23 bits of entropy.
+
+### nKode Observation
+- Cracking an nKode [Evil nKode](https://git.infra.nkode.tech/dkelly/evilkode)
+- Replay Attack
+
+### Dispersion Attack
+
+### nKode Over low-bandwidth
+
+### nKode Over Unencrypted Channel
+- TOTP
+- DARC