README cosmetics

README.md

@@ -2,20 +2,28 @@
 
 Motenpoche ([mot-ɑ̃-pɔʃ] - like in *"Mot en poche"*, French for "word in [your] pocket")
 is a physical password vault to carry around your secrets securely. Once connected
-to a PC and unlocked with a main passphrase and it will automatically paste
-passwords selected from your collection.
+to a PC and unlocked with a main passphrase it will paste passwords selected from
+your collection by pressing a button.
 
 Passwords can be provisioned with the help of a host-side command line tool that
-can be run on a GNU/Linux PC.
+can be run on a GNU/Linux PC, either one by one or importing from an existing 
+(software) vault.
 
 ## Status
 
 This project is still in an early alpha phase and has not been properly tested yet.
-Use at your own risk, no guarantee provided on loss of secret information, service
-profiles, bank details or other relevant information. The author and the 
-contributors recommends not to use this software for any purpose rather than 
-security auditing, research and study, and they cannot be held responsible or any
-damage of any kind resulting from any proper or improper use.
+
+There are in particular, the following known security issues:
+
+- No proper string boundary check
+- No proper serial protocol hardening
+- Incomplete password wiping from memory after use
+
+Use at your own risk, no guarantee provided on loss of secret data, service
+profiles, bank details or other relevant information that have been stored on the
+device. The author and the contributors recommend not to use this software for any
+purpose other than security auditing, research and study, and they cannot be held
+responsible or any damage of any kind resulting from any proper or improper use.
 
 ## Software License
 
@@ -32,6 +40,8 @@ my password database if I want to access services when I'm abroad.
 This system was created to have a temporary physical storage that can be carried
 around (and lost, or forgotten on a public transportation...) with reduced risk.
 
+More features may be available in the future based on  user experience.
+
 ## Hardware design
 
 The design is based on the rp2040 "Raspberry Pi Pico" board, with a few components
@@ -61,7 +71,6 @@ software in this repository:
 | GPIO26 | FUNC\_I2C   | I2C Display SDA | none (automatic pull-up) |
 | GPIO27 | FUNC\_I2C   | I2C Display SCL | none (automatic pull-up) |
 
-
 ## How it works
 
 The siple idea behind it is that the device does not carry any secret in plain
@@ -70,11 +79,11 @@ unique keys created when the device is initialized.
 The encryption key is symmetrical (ChaCha) and can be derived on board using the
 main passphrase, which is entered through the rotary and the confirm button.
 
-The signature key (Ecc256) is created during device initialization on the PC. The
-key is used to sign the passwords to be added to the vault.
+The signature key (ECC256) is created during device initialization on the PC that
+holds it. The key is then used to sign the passwords to be added to the vault.
 
-Passwords can be provisioned using the host tool, either manually or importing
-them from a CSV file, previously exported from e.g. a software password manager
+Passwords can be provisioned using the host tool, either one by one, or importing
+from a CSV file previously exported from, e.g. a software password manager
 or a web browser.
 
 When the device is unlocked, selecting the service needed from the "Services" menu