Description
Extracted from documentation: T3-InfoSec/t3-memassist#10
What is the Problem or Limitation?
There is a need to ensure the correctness of the PA0 card, which serves as an additional card in the memorization assistant. The PA0 card's correctness must be validated by deriving another key (SA0) and checking it against stored information. Without this step, there is a risk of incorrect data validation, which could impact the user’s ability to interact meaningfully with the memorization assistance.
Describe the Solution You Would Like
To ensure the PA0 card’s correctness, the following logic needs to be implemented:
- Creating the Extra PA0 Card:
  - PA0 is an additional card with unique information to serve a specific purpose within the memorization flow.
  - The card's structure should follow the same format as other cards but must include logic that relates to the SA0 key.
- Deriving SA0 for Validation:
  - Implement logic to derive the SA0 value based on user input or a predefined cryptographic process.
  - The SA0 derivation should be deterministic, meaning the same input must always yield the same output.
- Validating Correctness:
  - After deriving the SA0, compare it with the reference value stored on the PA0 card.
  - If the derived SA0 matches the stored value, mark the PA0 card as correct. If not, notify the user of the mismatch and prompt them to reattempt or assign a low memorization score to that card.
- Feedback Mechanism for Incorrect Attempts:
  - If the user gets the answer wrong once, provide encouragement to assign a lower score to the card, helping them identify areas that need further review.
Additional Considerations
- Data Security: Store the derived SA0 temporarily and ensure it is wiped from memory after validation to prevent unauthorized access.
- User Guidance: Provide clear feedback on how the PA0 validation affects progress and guide users on the next steps when incorrect answers occur.
- Error Handling: Ensure that validation checks run smoothly with appropriate error messages in cases of input mismatches or cryptographic issues.
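The derive, compare and wipe steps above, as an added Python example that is not code from the t3-memassist project. The KDF (PBKDF2-HMAC-SHA256), its parameters, the `PA0Card` layout and the choice to store a SHA-256 digest of SA0 as the reference value are all assumptions, since the issue does not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: the issue names no KDF, so PBKDF2-HMAC-SHA256 stands in for
# the "predefined cryptographic process". Parameters are illustrative.
KDF_ITERATIONS = 200_000
SA0_LEN = 32

@dataclass
class PA0Card:
    """Hypothetical card layout: per-card salt plus a reference for SA0."""
    salt: bytes
    sa0_reference: bytes  # SHA-256 of SA0, so SA0 itself is never stored

def derive_sa0(user_input: bytearray, salt: bytes) -> bytearray:
    """Deterministic: the same input and salt always yield the same SA0."""
    return bytearray(hashlib.pbkdf2_hmac(
        "sha256", user_input, salt, KDF_ITERATIONS, dklen=SA0_LEN))

def wipe(buf: bytearray) -> None:
    """Best-effort zeroing; the runtime may still hold immutable copies."""
    for i in range(len(buf)):
        buf[i] = 0

def make_card(user_input: bytearray, salt: bytes) -> PA0Card:
    """Build the PA0 card's reference value at enrolment time."""
    sa0 = derive_sa0(user_input, salt)
    try:
        return PA0Card(salt, hashlib.sha256(sa0).digest())
    finally:
        wipe(sa0)

def validate_pa0(card: PA0Card, user_input: bytearray) -> bool:
    """True if SA0 derived from user_input matches the card's reference."""
    sa0 = derive_sa0(user_input, card.salt)
    try:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(hashlib.sha256(sa0).digest(), card.sa0_reference)
    finally:
        wipe(sa0)         # cleared on match, mismatch or exception
        wipe(user_input)  # the caller's input buffer is cleared as well
```

A `False` result is the point at which the caller would prompt a reattempt or a low memorization score. Zeroing a `bytearray` only limits exposure in a managed runtime, so a native implementation should wipe the buffers the KDF itself allocates.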