reputage / seedQuest

A 3D Visual Mnemonic Game for Key Recovery
Apache License 2.0

Characters allowed for Encryption #535

Closed michaelmendoza closed 4 years ago

michaelmendoza commented 5 years ago

Is your feature request related to a problem? Please describe.

Currently seedquest allows HEX characters for the encoding for passwords/private key seeds. Passwords often allow characters [a-z], [A-z], [0-9], and symbols. We should allow for more character types than hex. Some passwords often require lower case, upper case, and a number. Currently couldn't use SeedQuest for a password of this type.

Describe the solution you'd like

Create an option to use [a-z], [A-z], [0-9] instead of only HEX for passwords

michaelmendoza commented 5 years ago

Example of password for LastPass signup

[Image: Screen Shot 2019-10-03 at 7 19 14 AM]

westonb7 commented 4 years ago

I've made some changes in the branch "Seed_updates" that change both the start and end screens to allow the characters [a-z] [A-Z] [0-9] and the '+' and '/' characters (default base 64 encoding). Using base 64 encoding we can encode and recover passwords that are 22 characters long.

However, this does not allow the use of other non-alphanumeric symbols such as: !@#$%^&*()_[]\;',.?

If we want to go in a direction that allows other symbols (using ASCII encoding, or a special mapping that replicates ASCII) I can do that instead, however using ASCII encoding to allow symbols will reduce the length of recoverable passwords to 16 characters maximum.

westonb7 commented 4 years ago

I've updated the character password functionality - it no longer uses Base64 encoding, and uses a custom version of ASCII encoding instead. This allows the use of non-alphanumeric symbols such as !@#$%^&*(){}|:"<>?[]\;',./ etc.

However, since ASCII encoding doesn't always have a character to represent every single combination of bits, any time the user does a run through recall mode, if they recover a sequence of bits that would encode a character outside the normal range of ASCII characters, it will instead default to a whitespace character.

This can result in multiple paths through seedquest resulting in the same character seed, but only if the seed includes a whitespace character. This shouldn't be an issue when seedquest is being used as intended - because the end user shouldn't be generating seeds 'de novo' from recall mode in the first place.

However, this means if you're planning on 'creating' a specific seed to use as a demo by using recall mode, be careful to not use the character seed generated at the end - instead use either the BIP-39 seed or the hex seed.
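
The whitespace fallback described in the comment above, as an added Python sketch that is not SeedQuest's code and not from the thread. It assumes one byte per character and that the "normal range" is printable ASCII 0x20-0x7E; the function names and sample seeds are constructed for illustration.

```python
# Added illustration, not SeedQuest's implementation.
# Assumptions: 8 bits per character; "normal range" = printable ASCII 0x20-0x7E.
PRINTABLE = range(0x20, 0x7F)          # 95 code points, space included
FALLBACK_SOURCES = 1 + (256 - len(PRINTABLE))  # bytes that decode to ' '


def seed_to_chars(seed: bytes) -> str:
    """Lossy decode: any byte outside the printable range becomes a space."""
    return "".join(chr(b) if b in PRINTABLE else " " for b in seed)


def chars_to_seed(text: str) -> bytes:
    """Encode a character seed back to bytes, one byte per character."""
    return text.encode("ascii")


def is_lossless(seed: bytes) -> bool:
    """True only if the character seed round-trips to the same bytes."""
    return chars_to_seed(seed_to_chars(seed)) == seed


def preimage_count(text: str) -> int:
    """Number of distinct byte seeds that decode to this character seed.

    Each space could have come from a real 0x20 or from any out-of-range
    byte, so every space multiplies the count by FALLBACK_SOURCES.
    """
    return FALLBACK_SOURCES ** text.count(" ")


# Constructed sample seeds (16 bytes each): A and B differ only in a final
# out-of-range byte; OK contains printable bytes only and no space.
SEED_A = b"Tr0ub4dor&3!xyz" + bytes([0x07])
SEED_B = b"Tr0ub4dor&3!xyz" + bytes([0xC3])
SEED_OK = b"Tr0ub4dor&3!xyzQ"

if __name__ == "__main__":
    for name, seed in (("A", SEED_A), ("B", SEED_B), ("OK", SEED_OK)):
        text = seed_to_chars(seed)
        print(f"{name}: hex={seed.hex()} chars={text!r} "
              f"lossless={is_lossless(seed)} preimages={preimage_count(text)}")
```

A round-trip check like `is_lossless` is one way to decide whether the character seed is safe to show after recall mode; when it fails, only the hex or BIP-39 form identifies the seed uniquely.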