blob: f2fa3b1733b6bccb3ba2c8bae3fb0de9776c5ecc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
Soon:
* Implement the different categories of servers in the server list.
* Get some keysafe servers set up.
* Run --uploadqueued periodically (systemd timer or desktop autostart?)
* Add desktop autostart mode that checks for gpg keys that have not been
backed up, and offers to back them up. Only once.
Later:
* improve restore progress bar points (update after every hash try)
* If we retrieved enough shares successfully, but decrypt failed, must
be a wrong password, so prompt for re-entry and retry with those shares.
* Don't require --totalshares and --neededshares on restore when unusual
values were used for backup. Instead, probe until enough shares are found
to restore.
* --no-jargon which makes the UI avoid terms like "secret key" and "crack
password". Do usability testing!
* --key-value=$N which eliminates the question about password value,
and rejects passwords that would cost less than $N to crack at current
rates. This should add a combo box to the password entry form in the
GUI to let the user adjust the $N there.
* In backup, only upload to N-1 servers immediately, and delay the rest
for up to several days, with some uploads of chaff, to prevent
collaborating evil servers from correlating related shards.
* Add some random padding to http requests and responses, to make it
harder for traffic analysis to tell that it's keysafe traffic.
Wishlist:
* Keep secret keys in locked memory until they're encrypted.
(Raaz makes this possible to do.)
Would be nice, but not super-important, since gpg secret keys
are passphrase protected anyway..
|