[cryptography] Fwd: Re: Commercialized Attack Hardware on SmartPhones

Tom Ritter tom at ritter.vg
Sun Mar 2 11:47:35 EST 2014


> ---------- Forwarded message ----------
> From: "shawn wilson"
> How about a dictionary and rules. Even if you choose an alphanumeric
> "strong" pass, you're kinda limited to the phone's keyboard - you're not
> going to want to switch case or between letters and special too often.
> Also, IIRC Android limits length to 15 chars. I also don't think the screen
> lock can be different than the boot pass (so everything I said above should
> hold true).
>
> Basically what I'm saying is use hashcat.

In regular use I agree completely. But my threat model (what I'm
preparing for) is 'prepared use' - you're knowingly crossing a border or
attending a protest, want/need your phone, and are willing to have a
painful password for a short bit.

-tom