blob: e166af02902016a8603fdea9eab7d7f1c8754869 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
* SSS implementation may be wrong. finite-field is documented to only
support prime fields, but is used here with non-prime 2^8.
* test suite (eg, test basic storage and restore of various size data)
* tune hashes on more powerful hardware than thermal throttling laptop
* improve restore progress bar points (update after every hash try)
* If we retrieved enough shares successfully, but decrypt failed, must
be a wrong password, so prompt for re-entry and retry with those shares.
* client/server Proof Of Work
* use TOR
* --no-jargon which makes the UI avoid terms like "secret key" and "crack
password". Do usability testing!
* --key-value=$N which eliminates the question about password value,
and rejects passwords that would cost less than $N to crack at current
rates. This should add a combo box to the password entry form in the
GUI to let the user adjust the $N there.
* --name and --othername to allow specifying those at the command line,
bypassing the prompts. With these and --key-value, keysafe would only
prompt for the password.
* .desktop file
* Run --uploadqueued periodically (systemd timer?)
* Keep secret keys in locked memory until they're encrypted.
(Raaz makes this possible to do.)
Would be nice, but not super-important, since gpg secret keys
are passphrase protected anyway..
|