diff options
-rw-r--r-- | TODO | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -12,8 +12,16 @@ Later: * If we retrieved enough shares successfully, but decrypt failed, must be a wrong password, so prompt for re-entry and retry with those shares. * Don't require --totalshares and --neededshares on restore when unusual - values were used for backup. Instead, probe until enough shares are found - to restore. + values were used for backup. Instead, try to download at least 2 shares, + and run SS.decode. If it throws AssertionFailed, there were not enough + shares, so get more shares and retry. +* It can be useful to upload 2 shares to keysafe servers, and store 2 + shares locally; with 3 shares needed to restore this prevents all + possible cracking attempts of the data on the servers, and if the local + data is compromised, the user will probably know, and has a long + time period before the password can be guessed to take steps. + Supporting this use case needs a way to redirect L shares to local + storage, with the other M-L going to servers as usual. * --no-jargon which makes the UI avoid terms like "secret key" and "crack password". Do usability testing! * --key-value=$N which eliminates the question about password value, |