Index
Overview
Advanced Settings
Item Set
Security Level
Variant
Groups or Symbols
Screens
Computational Delay
Sequences
Encryption Keys
Encryption Strength
Extended Security
Maximum Items per Category
Navigation and Tool Bars

Overview
On this screen you create standard locks. You select the item set to be used and choose the format and number of access sequences.

You should create at least a log in lock and a data lock. When you are done, the locks are ready to be assigned for use in your identity and from then on available to lock and unlock your documents and to send secure data to someone else.

The parameters are displayed as a list of rows:


Advanced Settings
Switch this on or off to show or hide some of the less-used settings. Switch it off to make the screen a bit less overwhelming.


Item Set
Tap to select the item set. Item sets must have been categorized (except for password sets) in order to be used. Only categorized item sets are shown.


Security Level
The security level is a very rough measure of the strength of the lock. It is not related to the strength of the encryption, but is based on the number of possible password values an attacker would have to try to gain access by brute force.

When 'advanced settings' are switched on, only the security level is shown. When off, an additional three lines are displayed. These lines show how the settings affect the time it would take to try all passwords on an iPhone and on two machines taken from the Top 500 supercomputer list (as of 11/2013).

Below, the speed factor is indicated in parentheses. The values are only meant to give an approximate, relative idea of the time scales and magnitude of the numbers involved.
•  iPhone 5 (x 1)
•  rank 500 (x 200,000)
•  rank 1 - the fastest computer there is (x 50,000,000) - don't get depressed, at least you can carry your computer in your pocket :-)

The security level field changes color from red through orange to green depending on the security level. This is just a guideline. For example, many electronic door locks (also the numeric passcode on your device) have a security level of 1:10,000.

Pick a level according to your security requirements and how often you need access.


Variant
Select the variant. The Match variant is only available for image sets.


Groups or Symbols
The number of groups (Compare variant) or symbols (Match variant) is the radix - the number of possible values to choose from on each entry screen. The smaller the radix, the more entry screens you need to achieve a desired security level.

This is a trade-off between doing something easy (small radix) many times (long sequence) or something harder (big radix) fewer times (short sequence).


Screens
The length of the access sequence. The longer the sequence, the less likely it is for an attacker to gain access, but the more effort it will be for you to gain access as well. However, this works heavily in your favor: an additional screen is not much more effort for you, but multiplies the number of tries for an attacker by a large amount.


Computational Delay
This determines how long it takes to validate one password. If you are willing to wait five seconds after solving an access sequence, an attacker would have to wait five seconds for each try. This makes brute force attacks very expensive (if not impractical). Unfortunately this acts only as a brake - the delay is not absolute. It will be shorter on faster computers, but it will add up - look at the security level as you make adjustments.
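
The interplay of radix, screens and computational delay can be worked through numerically. The following is an added example, not code from the app: it assumes the security level is radix ** screens and that the delay shrinks linearly with the speed factors listed above. The function names and the 1:10,000 target are chosen for illustration.

```python
# Speed factors relative to an iPhone 5, as listed on this page (11/2013).
SPEED_FACTORS = {"iPhone 5": 1, "rank 500": 200_000, "rank 1": 50_000_000}

def security_level(radix, screens):
    """Number of possible access sequences (assumption: radix ** screens)."""
    return radix ** screens

def exhaust_seconds(radix, screens, delay_s, speed=1):
    """Seconds to try every sequence when one validation costs delay_s on an
    iPhone 5 and the delay scales down linearly with machine speed (assumption)."""
    return security_level(radix, screens) * delay_s / speed

def min_screens(radix, target_level):
    """Shortest sequence length whose security level reaches target_level."""
    screens = 1
    while radix ** screens < target_level:
        screens += 1
    return screens

def tradeoff_table(target_level, delay_s, radices=(2, 4, 8, 16)):
    """For each radix: screens needed, resulting level, exhaust time per machine."""
    rows = []
    for radix in radices:
        n = min_screens(radix, target_level)
        times = {name: exhaust_seconds(radix, n, delay_s, factor)
                 for name, factor in SPEED_FACTORS.items()}
        rows.append((radix, n, security_level(radix, n), times))
    return rows

if __name__ == "__main__":
    # Target: at least the 1:10,000 of a four-digit passcode, 5 s delay.
    for radix, n, level, times in tradeoff_table(10_000, delay_s=5.0):
        pretty = ", ".join(f"{k}: {v:,.4f} s" for k, v in times.items())
        print(f"radix {radix:2d} x {n:2d} screens -> 1:{level:,}  ({pretty})")
```

Running it shows the small-radix, long-sequence and large-radix, short-sequence settings reaching the same order of security level, and how little a 5 second delay buys at that level against the faster machines.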


Sequences
The number of access sequences to generate. More are better. Password item sets only have a single sequence, so this row is omitted.


Encryption Keys
If you have a text file with one or more RSA key pairs you can import it here and use it to create the lock instead of letting your device generate the key pairs. This allows you to create multiple locks with the same encryption keys (generally this is undesirable) and also to recreate a lock for a specific key pair.

Supply two key pairs to retain the Coercion functionality (the second pair will be used for coercion). The format for each key pair is the raw text including the headers, i.e. the whole
'-----BEGIN RSA PUBLIC KEY-----'
...
'-----END RSA PUBLIC KEY-----'
block and the whole
'-----BEGIN RSA PRIVATE KEY-----'
...
'-----END RSA PRIVATE KEY-----'
block.
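
A key text file can be checked for this structure before it is imported. The following is an added example, not the app's own import code: it validates only the armor lines and the base64 body, and the function names and sample data are constructed for illustration (the payloads are dummy bytes, not real keys).

```python
import base64
import re

# Armor labels as given on this page.
BEGIN_RE = re.compile(r"-----BEGIN RSA (?:PUBLIC|PRIVATE) KEY-----")
BLOCK_RE = re.compile(
    r"-----BEGIN RSA (PUBLIC|PRIVATE) KEY-----\s*(.*?)\s*"
    r"-----END RSA (PUBLIC|PRIVATE) KEY-----",
    re.DOTALL,
)

def inspect_key_file(text):
    """Structural check only: armor and base64 are validated, keys are not parsed."""
    problems = []
    counts = {"PUBLIC": 0, "PRIVATE": 0}
    blocks = BLOCK_RE.findall(text)
    for begin, body, end in blocks:
        if begin != end:
            problems.append(f"BEGIN {begin} closed by END {end}")
            continue
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{begin} block body is not valid base64")
            continue
        counts[begin] += 1
    # A BEGIN line that no complete block consumed means a truncated block.
    if len(BEGIN_RE.findall(text)) != len(blocks):
        problems.append("unterminated block (missing END line)")
    if counts["PUBLIC"] != counts["PRIVATE"]:
        problems.append("public and private block counts differ")
    pairs = min(counts.values())
    return {"pairs": pairs,
            "coercion_retained": pairs >= 2 and not problems,
            "problems": problems}

def fake_block(kind, payload):
    """Build a constructed block; the payload is dummy bytes, not a real key."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN RSA {kind} KEY-----\n{body}\n-----END RSA {kind} KEY-----\n"

# Constructed sample: two pairs, public block then private block.
SAMPLE = "".join(fake_block(kind, f"constructed-{kind}-{i}".encode())
                 for i in (1, 2) for kind in ("PUBLIC", "PRIVATE"))

if __name__ == "__main__":
    print(inspect_key_file(SAMPLE))
```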

Private keys are the keys to your kingdom! Don't keep them around! The raison d'être of locks is to make private keys only accessible to you!
(And, just for fun, one extra: !)

You can also create keys on the Encryption Keys screen (see Encryption Keys).

The list from which to select keys contains all keys you create yourself as well as all available text files. If a selected file's data is not accessible you will be asked for access.
Whether a text file contains a key or not can only be determined if its data is accessible. Locked text files will be rejected (and hidden) after their data is made accessible and it is found that they don't contain keys.

You can create only one lock (per identity) for a set of keys. If you create another one it will replace the existing one.


Encryption Strength
This refers to the strength of the encryption which is related to the length of the keys in bits. Higher is better. The highest setting can take a minute or more to generate.

• Medium: 1,024 bit key. Still considered adequate and widely used, but the industry is shifting towards the next level.
• High: 2,048 bit key. The next generation, considered secure enough.
• Very High: 3,072 bits.
• Highest: 4,096 bits.

If long is good, then longer is better, right? The last two may be overkill.


Extended Security
For additional security with the Compare variant you can select Three Items per Group. This will make it harder to guess which items are correct when someone is watching you pick a group on an entry screen.

For the Match variant you can choose to Wrap Symbols. This makes it harder for an observer to categorize items.
Symbols such as , for example, give away some information about item categories: no matter where this symbol is displayed, the top left and bottom right items in the enclosing 2x2 box must be unknown items. Therefore, since the symbol could be at the edges, those items can be deduced to be unknown items. To avoid this, symbols can be wrapped. This makes your life harder too: there may be two symbols visible on either side of the screen. One is partial, the other one is complete. You must pick the 'bigger' one.

You have to decide if this is necessary, i.e. if there is a chance that you will be repeatedly observed solving access sequences.


Maximum Items per Category
If you created an item set with a lot of items you can reduce the size of the lock file by reducing the number of items which will be used in the lock. Items will be picked randomly from the item set up to the specified number - even you won't know which items are used. On the other hand, using all items will make your access sequences more varied.


Navigation and Tool Bars
: tap when you are ready to create a lock. Depending on the encryption strength and number of sequences, it may take up to a few minutes to create the lock.


Copyright ©2014
bitSplit™ Enterprises.
All rights reserved.

Sunday, March 9, 2014