Pattern unlocking

Tej Shah tshah.dental at gmail.com
Fri Jun 14 19:11:46 BST 2019


So my idea/design is a very simple one: the pattern unlock screen is really
just a fancy virtual keyboard.

So the user is presented with a 3x3 grid of nodes which internally looks
like this:
abc
def
hij

So if the user does a pattern from the upper left to the upper right, the
component returns back "abc". If the user does a pattern from the upper
left, to the bottom left, and then to the bottom right, it would return
"adhij". It does not do any fancy hashing or encryption. It is just a very
cool virtual keyboard that sends the input directly to kscreenlocker's
password TextField. Therefore, it actually never really interacts with PAM
directly. PAM does know/care if the letters came via keyboard or pattern
and will handle it the same. My idea is to make a version of the QML
greeter based on this:
https://github.com/KDE/kscreenlocker/tree/master/greeter/fallbacktheme and
just add in the option for pattern along with virtual keyboard.

So, let's say the user sets the password via pattern unlocking to be
"adhec". The user technically has a choice to unlock via the pattern, or
simply type via keyboard "adhec" and both would work the same. Let's say the
user logs in and via the console/terminal sets the password to something
like "wxyz123" and logs out. Then pattern unlock no longer works! The user
can do whatever pattern but it will never generate the correct password. In
this case, the user will have to hit the "Virtual Keyboard" button on the
bottom left to enter in the correct password. Android solves this issue by
only having one method to set/change the password and then storing the
metadata elsewhere the input method.

Another issue is that this input method is inherently less secure than normal
keyboard input since there are only 9 characters that are used and limited
permutations of those characters. Android basically "solves" this by
informing the user that it is less secure ;-). Basically, this feature
trades security for convenience.

How does this design sound to you?


On Fri, Jun 14, 2019 at 12:15 PM Aleix Pol <aleixpol at kde.org> wrote:

> It all makes sense, you've looked at the easy part of the problem though.
>
> You want to look at how the authentication actually needs to happen.
>
> At the moment it's PAM who decides if the password is right or not:
> - how are you going to turn a pattern into something PAM understands?
> - how are users going to enter the pattern they want?
> - will the pattern change when the user changes her password?
> - has it been done before? how were these being solved then?
>
> See http://www.linux-pam.org/
>
> HTH,
> Aleix
>
> On Fri, Jun 14, 2019 at 5:53 PM Tej Shah <tshah.dental at gmail.com> wrote:
> >
> > Thanks. So here is how I plan on doing it:
> >
> > If you have ever used an Android phone, it will basically work the same way.
> > The user will have the option of using a normal typed in password, or pattern unlock method.
> > There will be a 3x3 grid of "nodes" in which the user can go from node to node to create a pattern.
> > In the backend, each node is assigned a letter (a,b,c, and so on) and that will be used to generate the password. This also means in theory, the user can also use a virtual or real keyboard to type in the same password as pattern would generate.
> > I plan on using mostly QML with whichever KDE-QML modules are required for the correct theme color scheme.
> > Very long story short, I am in a situation where I need to ensure that it works both on Plasma Desktop and Plasma Mobile. It would be nice if KDE Plasma were to take it upstream and it be included in KDE Neon Desktop and eventually Kubuntu.
> >
> > Please let me know if there are any issues with this idea. Thanks.
> >
> >
> > On Fri, Jun 14, 2019 at 11:22 AM Aleix Pol <aleixpol at kde.org> wrote:
> >>
> >> On Fri, Jun 14, 2019 at 4:26 PM Tej Shah <tshah.dental at gmail.com> wrote:
> >> >
> >> > Hi, I apologize if this is the wrong mailing list for this, but I got a quick question:
> >> >
> >> > Is anybody already working on a pattern based unlock for either KDE on Desktop or Plasma Mobile? If not, and I write one, will it be merged upstream?
> >>
> >> I don't know about anyone who has looked into it, but it would be
> >> really nice to have. :)
> >>
> >> I'd happily review your patch.
> >>
> >> Aleix
>
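
The node-to-letter mapping and the limited keyspace mentioned in the message, worked through as an added example (not part of the original e-mail or of kscreenlocker). It assumes Android-style drawing rules, which the message does not spell out: a node is used at most once, and a stroke may pass over a node only if that node was already visited. All function names are hypothetical.

```javascript
// Added example; grid letters follow the message (rows "abc", "def", "hij").
const LETTERS = "abcdefhij";

// Node lying exactly between nodes a and b (indices 0..8, row-major), or -1.
function midpoint(a, b) {
  const r = Math.floor(a / 3) + Math.floor(b / 3);
  const c = (a % 3) + (b % 3);
  return r % 2 === 0 && c % 2 === 0 ? (r / 2) * 3 + c / 2 : -1;
}

// Assumed Android-style rules: no node reuse, no jump over an unvisited node.
function isValidPattern(nodes) {
  const seen = new Set();
  for (let i = 0; i < nodes.length; i++) {
    const n = nodes[i];
    if (!Number.isInteger(n) || n < 0 || n > 8 || seen.has(n)) return false;
    const m = i > 0 ? midpoint(nodes[i - 1], n) : -1;
    if (m !== -1 && !seen.has(m)) return false;
    seen.add(n);
  }
  return nodes.length > 0;
}

// The string the greeter would hand to the password field for a pattern.
function patternToPassword(nodes) {
  if (!isValidPattern(nodes)) throw new Error("invalid pattern");
  return nodes.map((n) => LETTERS[n]).join("");
}

// Depth-first count of valid patterns, indexed by pattern length (1..9).
function countByLength() {
  const counts = new Array(10).fill(0);
  const visit = (last, seen, len) => {
    counts[len]++;
    for (let n = 0; n < 9; n++) {
      const m = midpoint(last, n);
      if (seen & (1 << n) || (m !== -1 && !(seen & (1 << m)))) continue;
      visit(n, seen | (1 << n), len + 1);
    }
  };
  for (let s = 0; s < 9; s++) visit(s, 1 << s, 1);
  return counts;
}

// Total candidate passwords when patterns must use at least minLen nodes.
const keyspace = (minLen) => countByLength().slice(minLen).reduce((a, b) => a + b, 0);

console.log(patternToPassword([0, 3, 6, 7, 8]));
console.log(keyspace(4), Math.log2(keyspace(4)).toFixed(1), "bits");
console.log("8 lowercase letters:", Math.log2(26 ** 8).toFixed(1), "bits");
```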