Proposal: Personal Data Encryption (maybe SoC?)
moko at kobran.org
Sun Mar 18 19:49:43 CET 2007
On Sun, 2007-03-18 at 18:57 +0100, Paul Wouters wrote:
> Excellent idea. Let's ditch the passphrase/pin though, because once we
> copy the data off phone to another device, brute forcing anything you
> can type comfortable using a pin or keyboard will be trivial.
I wouldn't. Brute-forcing a passphrase/pin is only as simple as the
passphrase/pin. Plus you are limiting your thinking to the current MoKo
platform (The Neo). In the future there may be MoKo devices with
hardware keyboards and without touch screens.
An entropy meter associated with the creation of the passphrase/pin
would be very useful, as would having a high limit on the number of
characters, or no limit at all. It could help people choose better
passphrases, making the people more security conscious in the process.
Almost all of my passwords are 15+ characters, but they are all
memorable (to me) and when I've run them through stand-alone entropy
meters, they all rate very highly.
> I really like the "custom drawn symbol" idea. It introduces a lot of
> variables. Not only the lines, but also the timestamps on when scribbling
Yes, lots of variables, like fuzzy-matching the symbol, because I don't
know about you, but I don't think I can be pixel-perfect drawing on a
touchscreen in any reasonable length of time.
More information about the community