Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] cellebrite report

Douglas Lucas dal at riseup.net
Fri Mar 8 19:57:58 PST 2013


These alternative passcode systems are really neat. Is there a way,
though, to quantify, for the different systems, how plausibly the
passcode can be 1) remembered or 2) forgotten or 3) "forgotten"?

On 02/27/2013 09:42 AM, R. Jason Cronk wrote:
> You could play Guitar Hero to get in your phone...
> 
> http://bojinov.org/professional/usenixsec2012-rubberhose.pdf
> 
> Another option would be to use animal species.  There are some 3-30
> million different species of animals. Even restricting oneself to
> vertebrates, you have about 50,000 species (a five fold increase over a
> 4 digit pin).  The user would be presented with a series of reducing
> questions. Question 1) Amphibian, Reptile, Bird, Mammal, Fish, etc.... 
> The user need only remember how to get to their one animal choice. 
> Additional orders of magnitude could be had by adding invertebrates,
> plants, minerals on the front end or subspecies on the back end.
> 
> Jason
> 
> 
> On Wed, Feb 27, 2013 at 9:06 AM, Tom Ritter <tom at ritter.vg
> <mailto:tom at ritter.vg>> wrote:
> 
>     The Passcode section of the report is blank, I guess indicating the
>     user did not have a passcode?
> 
>     The article does mention passcodes:
> 
>     > All modern smartphones can be locked with a PIN or password, which
>     can slow down,
>     > or in some cases, completely thwart forensic analysis by the
>     police (as well as a phone
>     > thief or a prying partner). Make sure to pick a sufficiently long
>     password: a 4 character
>     > numeric PIN can be cracked in a few minutes, and the pattern-based
>     unlock screen
>     > offered by Android can be bypassed by Google if forced to by the
>     government. Finally,
>     > if your mobile operating system offers a disk encryption option
>     (such as with Android
>     > 4.0 and above), it is important to turn it on.
> 
>     The iPhone has a class of data that is encrypted when the device is
>     locked, and decrypted based off a key derived in part by the passcode
>     when unlocked.  I think this, combined with separate passwords for FDE
>     and screen unlocking would be good classes of improvements we can make
>     in all mobile platforms (not just phones).
> 
>     I'd also love to see some research into alternative, higher entropy
>     but simple-to-use screen unlock systems.  At first I was thinking
>     something akin to a pattern unlock, but a path through a 3D maze: your
>     password is a series of turns, but even presented with five choices
>     five times the keyspace is too small.  What keyspaces present a large
>     number of easy-to-parse options that fit nicely on a phone screen?
>     Maybe a map?  I've seen a few attempts[0,1, and others] but I've not
>     been convinced they wind up with an order of magnitude more choices
>     that the baseline 10000 of a 4-digit passcode.
> 
>     -tom
> 
>     [0] http://www.youtube.com/watch?v=kHBjzlFalvA
>     [1] http://clam.rutgers.edu/~birget/grPssw/authSueE.pdf
>     --
>     Too many emails? Unsubscribe, change to digest, or change password
>     by emailing moderator at companys at stanford.edu
>     <mailto:companys at stanford.edu> or changing your settings at
>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> 
> 
> -- 
> *R. Jason Cronk,* *Esq., CIPP*                               
> (828) 4RJCESQ
> rjc at privacymaverick.com <mailto:rjc at privacymaverick.com>
> blog.privacymaverick.com <http://blog.privacymaverick.com/>
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 



More information about the liberationtech mailing list