Friday, December 14, 2018

security - Is it reasonably safe to use PIN code for encryption?


On the Android 4.0 (Samsung Galaxy Nexus) there is a possibility to encrypt the phone. I found this about the encryption on Android 3.0; are the same algorithms used in Android 4? http://source.android.com/tech/encryption/android_crypto_implementation.html


My main question concerns the use of a PIN code to decrypt your phone. Why am I forced to use the same password to unlock my screen and to decrypt my phone? This restriction will only allow me to use a password of low complexity (like a PIN number), since it would be too hard to write in, e.g., 17 characters to unlock my phone for a simple phone call.


Brute force attempts against the screen unlock could be prevented, e.g., by a forced reboot every 5 tries. So there is not any need for a very strong password there; a PIN might be good enough.
This type of protection cannot be used on the disk, thus there is a greater need for stronger passwords here. (It doesn't help much that the entropy of passwords has increased, since there will be very few users with a complex password, so an attacker could simply try most passwords with low complexity.) What is the reasoning behind being forced to use the same password for both features?




Answer



I think I have found the solution. Check this link. It's a hack and it requires a phone to be rooted, but it does allow you to use an alphanumeric password for encryption and a PIN for screen unlock.

