notes/meetings/next auburn meeting.md


Next Auburn Meeting

Hi Auburn Team,

Last meeting, Jonathan mentioned that you guys can do some white/grey box testing. We're in agreement that that is a great starting place.

How many key-selection observations are required to crack an nKode under a given policy configuration?

Policy Parameters

  1. iconComplexity: The total number of unique icons available in the system. (Defines the diversity of visual elements used in the passcode.)
  2. passcodeLength: The number of icons in a passcode. (Determines the sequence length required for authentication.)
  3. maxFailedAttempts: The number of incorrect login attempts allowed before an account is locked. (Controls brute-force mitigation by limiting retries.)
  4. keypadSize: The total number of keys displayed on the keypad. (Impacts usability and potential guesswork complexity.)
  5. iconsPerKey: The number of icons assigned to each key. (Specifies the visual density per key, affecting recognition difficulty.)
  6. keypadHashLimit: The number of unique keypad layouts stored before old hashes are rotated out. (Ensures keypads are randomized across logins while limiting memory usage.)
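
One way to put numbers on the question above is a Monte Carlo estimate, shown here as an added example that is not part of the original note and is not nKode's own code. It assumes every icon is shown on each keypad (iconComplexity = keypadSize × iconsPerKey), that the layout is reshuffled uniformly at random for every login, and that the observer sees which key is pressed at each passcode position; maxFailedAttempts and keypadHashLimit are not modeled.

```python
import random
from statistics import mean

# Constructed sample policy; the values are illustrative, not from the note.
SAMPLE_POLICY = {"iconComplexity": 30, "passcodeLength": 4,
                 "keypadSize": 5, "iconsPerKey": 6}


def observations_to_crack(policy, rng):
    """Count observed logins until each passcode position has one candidate icon."""
    keys, per_key = policy["keypadSize"], policy["iconsPerKey"]
    icons = list(range(policy["iconComplexity"]))
    if keys * per_key != len(icons):
        raise ValueError("model assumes every icon appears on every keypad")
    if keys < 2 and len(icons) > 1:
        raise ValueError("a single key reveals nothing; the count is unbounded")
    passcode = [rng.choice(icons) for _ in range(policy["passcodeLength"])]
    candidates = [set(icons) for _ in passcode]
    logins = 0
    while any(len(c) > 1 for c in candidates):
        rng.shuffle(icons)  # assumed: fresh uniform layout for each login
        layout = [set(icons[k * per_key:(k + 1) * per_key]) for k in range(keys)]
        for pos, secret in enumerate(passcode):
            pressed = next(key for key in layout if secret in key)
            candidates[pos] &= pressed  # observer keeps icons seen on that key
        logins += 1
    return logins


def mean_observations(policy, trials=200, seed=0):
    """Average the count over many random passcodes and layout sequences."""
    rng = random.Random(seed)
    return mean(observations_to_crack(policy, rng) for _ in range(trials))


if __name__ == "__main__":
    print(mean_observations(SAMPLE_POLICY))
```

Sweeping keypadSize and iconsPerKey through `mean_observations` shows how the observation count moves with each policy setting under this model.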