Skip to content

Optional PINs per volume, to protect volume passwords a little more #79

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Optional PINs per volume, to protect volume passwords a little more #79

wants to merge 6 commits into from

Conversation

marfl
Copy link

@marfl marfl commented Mar 10, 2015

This pull requests implements the following feature:

  • If password caching is on and a password would be saved (e.g., after unlocking a volume for the first time), the user is asked first if he wants to set an optional PIN for that volume.
  • Whenever the user unlocks a volume for which a password is cached and a PIN is set, he needs to enter that PIN.
  • If a wrong PIN is entered, the volume is not unlocked. If a wrong PIN is entered three times, the password is deleted from the database and needs to be entered again.
  • There are no additional UI elements and the PIN can only be changed by entering a wrong pin three times or by deleting the volume and adding it again.

With this, users can use secure (and thus hard to remember and type) passwords for their EncFS containers without breaking usability. Still, if someone snatches their device, they cannot simply look at all volumes. At the same time, some volumes that are accessed very often, like volumes with notes, can still be accessed quickly.

This is the same idea I outlined in the discussion for #13. However, I now believe that PINs per volume are a somewhat different feature than a PIN for the whole app and that both features could also coexist.

Last note: PINs and passwords are saved unencrypted in the database, so this is not a security measure against sophisticated adversaries.

Martin Florian added 6 commits February 8, 2015 22:14
Setting and entering PINs per volume
a57dfbe 
Work in progress...

Done so far: once a volume's key is cached for the first time, the user can set
a PIN. During unlocking, the cached key is used only if the correct PIN has
been supplied.

Needs a database update, so all existing volumes must be deleted and re-added
manually (I think).
Feedback on wrong PIN
c2c9848
Counting failed PIN attempts
026177d 
Also delete cached key on three failed attempts
Minor code cleanup
d09b579
Incremented DB_VERSION and updated onUpgrade
7472778 
The PIN and PINATTEMPTS columns should now be created on upgrade from
older versions.
Fixed inconsistency when disabling password caching
00c0d2f 
PINs were not deleted alongside passwords when password caching is disabled
in the settings.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@marfl