A keyboard-replacement program (e.g., an app for touchscreen mobile devices) helpfully automatically adds words it does not know into the user dictionary for future faster typing (e.g., predictive text) next time. However, we do not want to store passwords, for in case the phone is stolen, the thief can scan the user dictionary for all passwords.
At the outset, type all the words you don't ever want added to the user dictionary into a special interface. These words then get stored in a Bloom filter, which we hope cannot be easily reversed. (Is this true? I think there's no way to avoid it being helpful in eliminating possibilities for a brute force offline attack. Also, if a match is found by brute force, it probably cannot be plausibly denied: "No, I've never typed the word piratebay.")
A nicer UI would be to periodically review the user dictionary, and securely delete certain words while adding them to the Bloom filter.
This could also work for web browser history and similar recent activity saving.
No comments :
Post a Comment