Proposal: Personal Data Encryption (maybe SoC?)

Tobias Gruetzmacher nospam at
Sun Mar 18 23:15:57 CET 2007


Am Sun, 18 Mar 2007 18:57:21 +0100 schrieb Paul Wouters:
>> I vote no on this one, primarily due to not being able to access this
>> information without nearby people hearing (Or possibly recording) the
>> pass phrase (Think about trains, planes, buses, business meetings,
>> etc). A user-defined symbol drawn on the screen or a password/PIN
>> tapped into the screen would be ideal, preferably with a user-defined
>> timeout period (1-minute, 5-minutes, until-phone-goes-to-sleep, etc).
> Excellent idea. Let's ditch the passphrase/pin though, because once we
> copy the data off phone to another device, brute forcing anything you
> can type comfortable using a pin or keyboard will be trivial.

The point is: You cannot. Taking my idea 2 (using the SIM as a "key 
vault") you have 3 tries for the SIM pin and then the SIM is locked and 
you need the PUK to unlock it. If you get the PUK wrong 10 times the SIM 
transforms into useless junk.

I remove idea 3 (user-choosable passphrase) from my proposal, because 
that my provide less security then idea 2.

If it is possible to store another secret using the PIN2, you could 
implement "private" records (as Joe Pfeiffer suggested) using the PIN2. 
But if we are talking about about generic encryption of user data, maybe 
a simple public/private flag like in PalmOS would be enough (just to hide 
private data from a shoulder surfer)

If I read 
correctly (I just read some parts, sorry if I get something wrong), each 
"file" on the SIM card can be locked with either the PIN, the PIN2 or by 
the Administrator (the one who gave you the SIM, your network operator), 
so you could certainly use the SIM as a key storage...

(This document talks about CHV1 and CHV2 where I used PIN and PIN2...)

Greeting, Tobi

GPG-Key 0xE2BEA341 - signed/encrypted mail preferred
My, oh so small, homepage: - ISDN- & DSL-Router on one disk!
Registered FLI4L-User #00000003

More information about the community mailing list