diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-10-05 23:29:34 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-10-05 23:29:34 -0400 |
| commit | 54d3bfbb98958cb49399f1a7f092fa43593ef4c8 (patch) | |
| tree | 034b6cf31369d8c5fc1d388d059461b64feddd2f | |
| parent | f31b48a708afa55f3d7806d0b944d64380083e3f (diff) | |
| download | keysafe-54d3bfbb98958cb49399f1a7f092fa43593ef4c8.tar.gz | |
todo
| -rw-r--r-- | TODO | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -12,8 +12,16 @@ Later: * If we retrieved enough shares successfully, but decrypt failed, must be a wrong password, so prompt for re-entry and retry with those shares. * Don't require --totalshares and --neededshares on restore when unusual - values were used for backup. Instead, probe until enough shares are found - to restore. + values were used for backup. Instead, try to download at least 2 shares, + and run SS.decode. If it throws AssertionFailed, there were not enough + shares, so get more shares and retry. +* It can be useful to upload 2 shares to keysafe servers, and store 2 + shares locally; with 3 shares needed to restore this prevents all + possible cracking attempts of the data on the servers, and if the local + data is compromised, the user will probably know, and has a long + time period before the password can be guessed to take steps. + Supporting this use case needs a way to redirect L shares to local + storage, with the other M-L going to servers as usual. * --no-jargon which makes the UI avoid terms like "secret key" and "crack password". Do usability testing! * --key-value=$N which eliminates the question about password value, |