Proposal: Personal Data Encryption (maybe SoC?)

Henryk Plötz henryk at
Mon Mar 19 01:27:17 CET 2007


On Mon, 19 Mar 2007 00:56:51 +0100, Hans Bakker wrote:

> Can't a gesture-based authentication be used? I mean swipe a certain
> pattern with your finger on the touchscreen.

Yes. That probably gives at least enough entropy to replace the SIM's
PIN and is something we definitely should look into.

What I'm thinking about is to use the libstroke mechanism. Short
introduction: The gesture area is divided into 3x3=9 bins like so:
1 2 3
4 5 6
7 8 9

You then simply concatenate the numbers of all bins that are touched.
An 'L' shape for example would be 14789. This is robust enough to be
used as a cryptographic key and might give enough entropy for a 4-digit
PIN. (Format the PIN as two-byte BCD, SHA-1 the stroke string and fold
the hash down to two bytes, then XOR the PIN and the hash.)

Some feedback will be necessary so the user can see that the gesture
was correctly detected before sending the PIN to the SIM. I propose some
sort of bubblebabble-digest.

Henryk Plötz
Greetings from Berlin
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~
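
The scheme sketched in the message above, worked through as an added example that is not part of the original post or of libstroke. Assumptions: repeated samples in the same bin are collapsed, the SHA-1 digest is folded to two bytes by XOR (the post does not say how), and the sample points and all function names are constructed for illustration.

```python
import hashlib

def stroke_string(points, width, height):
    """Map (x, y) touch points to bins 1..9 of a 3x3 grid, row by row."""
    bins = []
    for x, y in points:
        col = min(int(3 * x / width), 2)
        row = min(int(3 * y / height), 2)
        digit = str(3 * row + col + 1)
        if not bins or bins[-1] != digit:   # assumption: collapse repeated samples
            bins.append(digit)
    return "".join(bins)

def fold16(digest):
    """XOR-fold a digest to two bytes (assumed folding; the post does not say how)."""
    out = [0, 0]
    for i, b in enumerate(digest):
        out[i % 2] ^= b
    return bytes(out)

def pin_to_bcd(pin):
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("PIN must be exactly four decimal digits")
    d = [int(c) for c in pin]
    return bytes([d[0] << 4 | d[1], d[2] << 4 | d[3]])

def is_bcd(raw):
    return all(n <= 9 for b in raw for n in (b >> 4, b & 0x0F))

def _xor_mask(data, stroke):
    mask = fold16(hashlib.sha1(stroke.encode("ascii")).digest())
    return bytes(a ^ b for a, b in zip(data, mask))

def wrap_pin(pin, stroke):
    """Value to store on the device: BCD(PIN) XOR fold(SHA-1(stroke))."""
    return _xor_mask(pin_to_bcd(pin), stroke)

def unwrap_pin(blob, stroke):
    """Recover the PIN candidate; None if the result is not valid BCD."""
    raw = _xor_mask(blob, stroke)
    return raw.hex() if is_bcd(raw) else None

def bcd_valid_fraction():
    """Share of all 16-bit values that decode as four BCD digits."""
    return sum(is_bcd(v.to_bytes(2, "big")) for v in range(1 << 16)) / (1 << 16)

# Constructed sample: an 'L' drawn on a 300x300 area.
L_SHAPE = [(50, 20), (50, 80), (50, 150), (50, 250), (150, 250), (250, 250)]
```

Only 10,000 of the 65,536 two-byte values are valid BCD, so with XOR a wrong stroke usually shows up as an invalid PIN from the stored value alone, before the SIM's retry counter is ever involved. Combining the PIN and the folded hash by addition modulo 10000 instead makes every stroke decode to some four-digit PIN.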
