search

cyphar / paperback

Paper backup generator suitable for long-term storage.
GNU General Public License v3.0
1.09k stars 40 forks source link

Questions regarding paperback #1

Closed DonaldTsang closed 4 years ago

DonaldTsang commented 4 years ago
  1. Is this the same as OllyBdg's original PaperBack?
  2. What barcode does it use to store data?
  3. Does it store everything over a single barcode, or is it multiple?
  4. Can it store data over multiple pages for bigger data?
cyphar commented 4 years ago

This is still a work-in-progress project and it looks like I'm going to do a complete rewrite of the core code in Rust to work around the lack of nice Go GUI toolkits. But to answer your questions:

  1. No, this is a completely separate project. The main differences are that the main document is encrypted, and the private encryption key is sharded using Shamir Secret Sharing to allow you to use this as a will-like document so people can recover it without you present. It's more than just a "print this data on paper" scheme, because in my experience that's not what most people actually want (they want to be able to store their backups at their friends' and family's houses without worrying about it being stolen or abused).

  2. The current plan is to use DataMatrix, which is very similar to QR but has better data density. However this will need some more careful consideration because I've found that phone DataMatrix scanning can be slightly buggy (especially with really large barcodes). My main issue with QR is that the data density is many multiples smaller than DataMatrix and you don't get much more error correction in the trade-off.

  3. We would support multiple, but it depends on the document size. Ideally we would use the minimum number of barcodes necessary -- so if it can fit in one, then we'd use one.

  4. Yeah we would support multiple pages. I would be a bit worried about people losing one of the pages (making it harder to track "who has my full backup") but because the main document (same for everyone) is separate from the key shards (different for each backup person) we don't really need to care about someone losing a page -- there should be enough copies because the data is encrypted with a key that no individual knows.

cyphar commented 4 years ago

The rust rewrite has been completed (at the very least, the features that were implemented for the old paperback codebase are now implemented for this one). There is also now an incredibly detailed design document which not only describes the threat model and cryptography, but also exactly how the documents are laid out.