From 4ad4a8e90af5432e6ef5bc910f14fb398391baf2 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 9 May 2022 17:21:15 -0400
Subject: [PATCH] split out PIN scrambling / longer passwords

---
 static/features.html | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/static/features.html b/static/features.html
index e4cf1b53..bb5e2458 100644
--- a/static/features.html
+++ b/static/features.html
@@ -111,6 +111,9 @@
                             <li><a href="#broad-carrier-support">Broad carrier support without invasive carrier access</a></li>
                             <li><a href="#lte-only-mode">LTE-only mode</a></li>
                             <li><a href="#private-screenshots">Private screenshots</a></li>
+                            <li><a href="#pin-scrambling">PIN scrambling</a></li>
+                            <li><a href="#supports-longer-passwords">Supports longer
+                            passwords</a></li>
                             <li>
                                 <a href="#improved-user-profiles">Improved user profiles</a>
                                 <ul>
@@ -503,6 +506,27 @@
                     it to be useful.</p>
                 </section>
 
+                <section id="pin-scrambling">
+                    <h3><a href="#pin-scrambling">PIN scrambling</a></h3>
+
+                    <p>GrapheneOS adds a toggle for enabling PIN scrambling to raise the
+                    difficulty of figuring out the PIN being entered by a user either due to
+                    physical proximity or a side channel.</p>
+                </section>
+
+                <section id="supports-longer-passwords">
+                    <h3><a href="#supports-longer-passwords">Supports longer passwords</a></h3>
+
+                    <p>GrapheneOS supports setting longer passwords by default: 64 characters
+                    instead of 16 characters. This avoids the need to use a device manager to
+                    enable this functionality.</p>
+
+                    <p>This feature allows users to make use of diceware passwords if they don't
+                    want to depend on the security of the secure element which provides very
+                    aggressive throttling and offers a high level of security even for a random 6
+                    digit PIN.</p>
+                </section>
+
                 <section id="improved-user-profiles">
                     <h3><a href="#improved-user-profiles">Improved user profiles</a></h3>
 
@@ -563,14 +587,11 @@
                         <li>Improved user visibility into persistent firmware security through version
                         and configuration verification with reporting of inconsistencies and debug
                         features being enabled.</li>
-                        <li>Support for longer passwords by default (64 characters instead of 16)
-                        without requiring a device manager</li>
                         <li>Stricter implementation of the optional fingerprint unlock feature permitting
                         only 5 attempts rather than 20 before permanent lockout (our recommendation is
                         still keeping sensitive data in user profiles without fingerprint unlock)</li>
                         <li>Support for using the fingerprint scanner only for authentication in apps
                         and unlocking hardware keystore keys by toggling off support for unlocking.</li>
-                        <li>PIN scrambling option</li>
                         <li><a href="/usage#wifi-privacy-associated">Per-connection MAC randomization
                         option (enabled by default)</a> as a more private option than the standard
                         persistent per-network random MAC.</li>