pynkode/docs/tabletop-discussion.md

# Table-top discussion


## Documentation and Tutorials
1. [Enrollment](enrollment_diagram.md)
2. [Login](login_diagram.md)
3. [Cipher and Renew](encipher_decipher_renew_nkode.md)
4. [nKode API Tutorial 1](../notebooks/Enrollment_Login_Renewal_Simplified.ipynb)
5. [nKode API Tutorial 2](../notebooks/Enrollment_Login_Renewal_Detailed.ipynb)
6. [Dispersion Tutorial](../notebooks/Dispersion.ipynb)
7. [Split Shuffle](../notebooks/Split_Shuffle.ipynb)

## Discussion Topics
### nKode Length
[Memorized Secret](https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret) `Memorized secrets SHALL be at least 8 characters in length if chosen by the subscriber. Memorized secrets chosen randomly by the CSP or verifier SHALL be at least 6 characters in length and MAY be entirely numeric.`
- The minimum entropy for a randomly chosen memorized secret is approximately 20 bits.
- A keypad with 6 keys, each having 9 properties, exceeds this requirement with a minimum 4-character nKode, providing approximately 23 bits of entropy.

### nKode Observation
- Cracking an nKode [Evil nKode](https://git.infra.nkode.tech/dkelly/evilkode)
- Replay Attack

### Dispersion Attack

### nKode Over low-bandwidth

### nKode Over Unencrypted Channel
- TOTP
- DARC

### Discussion Outcomes:

#### Attacks and controls
| Attacks                 | Controls                                                                       |
|-------------------------|--------------------------------------------------------------------------------|
| Screen Recording Attack | Split shuffle/more icons per key than keys                                     |
| Exfiltrated DB          | Physically separated keys and icons, partial or full encryption, nKode renewal |
| *APT                    | *Don't wait for garbage collector, manage timeouts                             |
| Phishing                | Dispersion Resistant Keypad, nKode policy, passkey protected keypad icons      |
| *MiTM                   | TLS, *TOTP shuffle, *DARC                                                      |

*not implemented yet/needs another look

#### asks for Dr. Kandah

- Evil nKode screen watching/key replay
    - Given a particular policy and keypad size:
      - what is the probability of a key replay?
      - what trade-offs are made between key replay and cracking an nkode? 
    - Is the split shuffle unbiased?
    - Can we rig the shuffle in our favor with keypad caching or other techniques?
- Dispersion Attack/Phishing attack
    - is the dispersion algorithm unbiased?
    - Develop a modified dispersion algorithm to phish a dispersion resistant keypad
- validate the cipher
  - validate the server-side values
  - validate the relationship between the mask and the hash
  - validate the renewal
  - are these processes/algorithms secure?
- What is the minimum amount of encryption needed to secure user's nkodes against a full/partial database exfiltration
  - How long will it take to brute force a hash with a full plain text breach of the database and what's gained?
- How often do nkode icons need to be changed to maintain security if at all?
  - if it does need to be changed can we start with 4 icons and add icons over time then roll the icons (drop the first icons and append a new one) after reaching a max size?
- Low-bandwidth: how low can we go?
  - TCP vs UDP
  - Security of RX/TX without tls/encrypted channel
- Hypothetical: What security gains are made if we split the cipher keys into multiple parts and put them on different machines in many locations?

Other stuff:
- unbiased icons/psychology