provide a UI for generating random PIN/passphrases
Now that the insecure pattern screenlock option has been hidden in the UI, it would be nice to provide an easy way for users to get randomly generated PINs and passphrases directly from Settings and SetupWizard. Equiprobability is a requirement for high-quality entropy, so random generation should be heavily suggested.
Relevant information:
- A 6-8 digit PIN is the ideal PIN length for most people on GrapheneOS-supported devices, thanks to the secure element throttling feature (Titan M allows only one attempt/day after 140 failed attempts). Most users don't have a threat model high enough to justify more security (at the cost of discomfort), so they'll be fine with trusting the secure element not to be exploited by an adversary.
- A randomly generated 6-digit PIN should provide ~20 bits of entropy, whereas an 8-digit PIN provides ~26.5, which is equivalent to a weak passphrase such as 2 words randomly picked from the diceware wordlist (~25). But we don't gain much in practice from even a 12-digit PIN, given that the secure element is trusted.
- If they don't want to trust the secure element, they can still choose very strong passphrases. Almost strong passphrases can also be decent, given that the hardware-bound key derivation has to be bypassed.
- More information: https://grapheneos.org/faq#security-and-privacy
The UI should be minimal, easy-to-use with sane defaults, while being informative.
The UI for this should likely do the following:
- Give user a choice between a PIN or Password
- Select length (6-8 for PIN, 4-8 for diceware passphrases)
- Provide a number of options for chosen method/length (perhaps 6 random options)
- Once chosen, have the user input it once while they can still see the one they've picked
- Have them input it two more times, without being able to see it this time
- If they have entered it correctly all 3 times, set that generated PIN/Password as lock method
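
A sketch of the generation step behind such a UI, as an added example that is not GrapheneOS code: it draws PINs and diceware-style passphrases uniformly from a CSPRNG, computes the entropy figures quoted above, and bounds what is lost when the user picks a favourite among 6 candidates. All function names are hypothetical, Python stands in for the Settings code, and `WORDLIST` is a constructed placeholder for the real 7776-word diceware list.

```python
import math
import secrets

# Constructed stand-in for the 7776-entry diceware list (placeholder tokens, not real words).
WORDLIST = [f"word{i:04d}" for i in range(7776)]

def uniform_below(n: int) -> int:
    """Uniform integer in [0, n): draw CSPRNG bits, reject out-of-range values.
    Rejection avoids the bias that `random_bits % n` introduces."""
    if n < 1:
        raise ValueError("n must be positive")
    bits = max(1, (n - 1).bit_length())
    while True:
        r = secrets.randbits(bits)
        if r < n:
            return r

def random_pin(length: int) -> str:
    """Each digit is drawn independently, so a leading zero is as likely as any digit."""
    if not 6 <= length <= 8:
        raise ValueError("PIN length must be 6-8")
    return "".join(str(uniform_below(10)) for _ in range(length))

def random_passphrase(words: int, wordlist=WORDLIST) -> str:
    if not 4 <= words <= 8:
        raise ValueError("passphrase length must be 4-8 words")
    return " ".join(wordlist[uniform_below(len(wordlist))] for _ in range(words))

def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of `length` independent uniform picks from `alphabet` symbols."""
    return length * math.log2(alphabet)

def entropy_after_choice(alphabet: int, length: int, options: int = 6) -> float:
    """Lower bound when the user picks a favourite among `options` candidates:
    any single value is at most `options` times likelier than under uniform choice."""
    return entropy_bits(alphabet, length) - math.log2(options)

def candidates(make, options: int = 6) -> list:
    """The list of generated options the UI would show."""
    return [make() for _ in range(options)]

if __name__ == "__main__":
    print(candidates(lambda: random_pin(6)))
    print(candidates(lambda: random_passphrase(4)))
    for n in (6, 8):
        print(n, round(entropy_bits(10, n), 1), round(entropy_after_choice(10, n), 1))
```

Letting the user choose among 6 options costs at most log2(6) ≈ 2.6 bits in the worst case, so a 6-digit PIN picked this way still has at least ~17.3 bits.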