Add qrcode generator

[iShift]

Added qrcode generator with this lib https://github.com/davidshimjs/qrcodejs

screenshots:
Standart profile page:

After Show secret key button:

after show qrcode link:

Don't worry about my secret code, it is public-test account of Russian IT community

[iShift]

we can use it in future for migrating account to mobile phones
and also save key as img

[kseistrup]

Cool!

[rbertoche]

That was a good one...
I think we should also link or provide some safe QR decoder, though. Its
something we can distribute and that runs offline.

Thanks iShift!

[iShift]

In near future I would research decoder

[miguelfreitas]

I think we should only merge this when we have also a working decoder.

Btw, i've seen that most used Android QR scanner accessing the internet everytime i scan something. It looks very dangerous to me to have an image like that people would be trying to scan with unsecure scanners broadcasting their secret keys to the world...

[rbertoche]

I was thinking about apps like google goggles, that scans all your internal
memory for images. You shoot your key, wait a few minutes before erasing
it, and bam, google got it and decoded it. Having an offline method to
decode the image won't stop it.
You may say twister users aren't dumb enough to install such evil app, but
I had it, then I guess they may be.

Just a thought: What if we ask for a safe password to encrypt the key, and
only then we QR encode it, after encryption?
Then he may send this QR to any online decoder to get the encrypted key.
This key will only be useful together with a chosen password, and this
password won't be on the picture.
We'll just need to add a new line to login screen with 2 inputs to enter
this encrypted key and its password.
Now your key won't travel the world unencrypted. What about it?

On 24 February 2014 15:49, miguelfreitas notifications@github.com wrote:

I think we should only merge this when we have also a working decoder.

Btw, i've seen that most used Android QR scanner accessing the internet
everytime i scan something. It looks very dangerous to me to have an image
like that people would be trying to scan with unsecure scanners
broadcasting their secret keys to the world...

—
Reply to this email directly or view it on GitHubhttps://github.com//pull/101#issuecomment-35920528
.

[miguelfreitas]

@rbertoche "Just a thought: What if we ask for a safe password to encrypt the key, and
only then we QR encode it, after encryption?" => Brilliant! That would be great.

[jpfox]

It would be great if secret key was never visible in clear, but password encrypted. It would also permit to share a home server for family... everybody would need his password to swap to his account ?

[iShift]

qrcode decoder http://webqr.com/ (offline) https://github.com/LazarSoft/jsqrcode

[iShift]

That was tested in calm...

[nitmir]

A passphrase on each secret key, asked on login, would be really great to allow server sharing. Thus I could introduce twister to my mom.