Migrate Markdown-Notes: projects, meetings, reference, personal
This commit is contained in:
20
meetings/3.21.25 Meeting with Jonathan.md
Normal file
20
meetings/3.21.25 Meeting with Jonathan.md
Normal file
@@ -0,0 +1,20 @@
|
||||
Agenda
|
||||
- Discuss Table-top scenario format: I’ve never done a table-top discussion. I’d like to go over the format.
|
||||
- Discuss specific scenarios: If you have some specific scenarios you’ve been thinking about, I’d like to go over them. This will give Brooks and I some time to think about solutions and bring them for a deeper discussion next week.
|
||||
|
||||
The
|
||||
- identify attack surface
|
||||
|
||||
Nist 800-63b
|
||||
|
||||
specific scenarios
|
||||
- dispersion attack
|
||||
- nKode observations (from shoulder surfing to screen recording)
|
||||
- key replay attack
|
||||
- nKode only authentication; what happens nKode is used email?; how do you recover from a lost nkode?
|
||||
- can create icons that look the same if they've been compress? Can you mess with advisories ability to record a screen, compress it and send it over the wire
|
||||
- Can we design non space filling shape? what if the shapes float around in the key? what if they're animated
|
||||
|
||||
Make a powerpoint with the gate analogy
|
||||
how will we engage them to think about architectural design?
|
||||
can we relax MFA requirements? (nkode make credential stuffing impossible)
|
||||
8
meetings/Chat with Tim Tucker about nKode.md
Normal file
8
meetings/Chat with Tim Tucker about nKode.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# Chat with Tim Tucker about nKode
|
||||
|
||||
- no more anaconda it requires a license
|
||||
- do we need a docker license? --- it does but it's not that bad
|
||||
- what about all the other stuff like gitea? --- gitea is open sources
|
||||
- Can we open source nkode with license? --- maybe
|
||||
- customers want isolation. they don't want share machines
|
||||
- Is SSO feasible? if everyone wants their own nKode then people will have memorize many nKodes
|
||||
7
meetings/Talk with Tim Tucker about nKode.md
Normal file
7
meetings/Talk with Tim Tucker about nKode.md
Normal file
@@ -0,0 +1,7 @@
|
||||
- no more anaconda
|
||||
- do we need a docker license?
|
||||
- what about all the other stuff like gitea?
|
||||
- Can we open source nkode with license?
|
||||
- customers want isolation. they don't want share machines
|
||||
- Is SSO feasible? if everyone wants their own nKode then people will have memorize many nKodes
|
||||
- Is SSO feasible? if everyone wants their own nKode then people will have memorize many nKodes
|
||||
14
meetings/m&q-review-042225.md
Normal file
14
meetings/m&q-review-042225.md
Normal file
@@ -0,0 +1,14 @@
|
||||
# McCalister and Quinn Review 042225
|
||||
|
||||
## Quantifiable nKode Metric with Minimum nKode Policy and Keypad
|
||||
- Probability of guess a 4 character nKode approx. 1 in 8 million.
|
||||
- 4 charactor nKode is as secure as an 8 charator password.
|
||||
- Takes on average over 6 recorded observations to crack an nKode; takes one observation to crack a password. Note for brook physical vs digital)
|
||||
- Passwords need to be changed every 90 days. Warfighters never need to change their nKode. nKode salt, hash, and keys change fequently (as often as every day) without user intervention or knowledge.
|
||||
- nKode can't be attacked with dictionary attack...
|
||||
|
||||
|
||||
## Comments and Questions
|
||||
- Lets mentions Bill Platte in our slides
|
||||
- Craig and Jonathan should add something to the script... dicuss with David
|
||||
-
|
||||
10
meetings/mcallister_and_quinn.md
Normal file
10
meetings/mcallister_and_quinn.md
Normal file
@@ -0,0 +1,10 @@
|
||||
# McAlliser And Quinn Metting Notes (04/18/25)
|
||||
|
||||
DARPA expect 70% of things to fail.
|
||||
|
||||
DARPA wants numbers like we've improved X%.
|
||||
- four character nKode meeting NIST's minimum 8 character user created passcode.
|
||||
|
||||
Need to emphisize easy of use. Jonathan said warfighters have a difficult time with authentication so they leave the phones open so they don't have to reauthenticate.
|
||||
https://www.darpaconnect.us/eris
|
||||
|
||||
30
meetings/next auburn meeting.md
Normal file
30
meetings/next auburn meeting.md
Normal file
@@ -0,0 +1,30 @@
|
||||
# Next Auburn Meeting
|
||||
|
||||
Hi Auburn Team,
|
||||
|
||||
Last meeting, Jonathan mentioned that you guys can do some white/grey box testing.
|
||||
We're in agreement that that is a great starting place.
|
||||
|
||||
## How many key-selection observations are required to crack an nKode under a given policy configuration?
|
||||
|
||||
|
||||
### Policy Parameters
|
||||
|
||||
1. iconComplexity:
|
||||
The total number of unique icons available in the system.
|
||||
(Defines the diversity of visual elements used in the passcode.)
|
||||
2. passcodeLength:
|
||||
The number of icons in a passcode.
|
||||
(Determines the sequence length required for authentication.)
|
||||
3. maxFailedAttempts:
|
||||
The number of incorrect login attempts allowed before an account is locked.
|
||||
(Controls brute-force mitigation by limiting retries.)
|
||||
4. keypadSize:
|
||||
The total number of keys displayed on the keypad.
|
||||
(Impacts usability and potential guesswork complexity.)
|
||||
5. iconsPerKey:
|
||||
The number of icons assigned to each key.
|
||||
(Specifies the visual density per key, affecting recognition difficulty.)
|
||||
6. keypadHashLimit:
|
||||
The number of unique keypad layouts stored before old hashes are rotated out.
|
||||
(Ensures keypads are randomized across logins while limiting memory usage.)
|
||||
Reference in New Issue
Block a user