Proposal: Personal Data Encryption (maybe SoC?)
Tobias Gruetzmacher
nospam at portfolio16.de
Sun Mar 18 23:15:57 CET 2007
Hi,
On 18 March 2007 18:57:21 +0100, Paul Wouters wrote:
>> I vote no on this one, primarily due to not being able to access this
>> information without nearby people hearing (Or possibly recording) the
>> pass phrase (Think about trains, planes, buses, business meetings,
>> etc). A user-defined symbol drawn on the screen or a password/PIN
>> tapped into the screen would be ideal, preferably with a user-defined
>> timeout period (1-minute, 5-minutes, until-phone-goes-to-sleep, etc).
>
> Excellent idea. Let's ditch the passphrase/pin though, because once we
> copy the data off phone to another device, brute forcing anything you
> can type comfortably using a pin or keyboard will be trivial.
The point is: You cannot. Taking my idea 2 (using the SIM as a "key
vault") you have 3 tries for the SIM pin and then the SIM is locked and
you need the PUK to unlock it. If you get the PUK wrong 10 times the SIM
transforms into useless junk.
I remove idea 3 (user-choosable passphrase) from my proposal, because
that may provide less security than idea 2.
If it is possible to store another secret using the PIN2, you could
implement "private" records (as Joe Pfeiffer suggested) using the PIN2.
But if we are talking about generic encryption of user data, maybe
a simple public/private flag like in PalmOS would be enough (just to hide
private data from a shoulder surfer).
If I read http://gsho.thur.de/gsho/technik/download/gsm11-11.pdf
correctly (I just read some parts, sorry if I get something wrong), each
"file" on the SIM card can be locked with either the PIN, the PIN2 or by
the Administrator (the one who gave you the SIM, your network operator),
so you could certainly use the SIM as a key storage...
(This document talks about CHV1 and CHV2 where I used PIN and PIN2...)
Greeting, Tobi
--
GPG-Key 0xE2BEA341 - signed/encrypted mail preferred
My, oh so small, homepage: http://portfolio16.de/
http://www.fli4l.de/ - ISDN- & DSL-Router on one disk!
Registered FLI4L-User #00000003
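
The retry-counter argument in the mail above, as an added Python sketch that is not part of the original message and is not real SIM or APDU code. It models a card whose files are gated by PIN (CHV1), PIN2 (CHV2) or the operator, with the 3-try and 10-try limits the mail quotes; the class, method and file names are hypothetical, and a single PUK that resets only the PIN is a simplification.

```python
from enum import Enum

class Cond(Enum):                 # access condition attached to each file
    CHV1 = "PIN"
    CHV2 = "PIN2"
    ADM = "operator"              # never unlockable by the user in this model

class SimVault:
    CHV_TRIES, PUK_TRIES = 3, 10  # limits quoted in the mail

    def __init__(self, pin, pin2, puk):
        self._codes = {Cond.CHV1: pin, Cond.CHV2: pin2}
        self._puk = puk
        self.tries = {Cond.CHV1: self.CHV_TRIES, Cond.CHV2: self.CHV_TRIES}
        self.puk_tries = self.PUK_TRIES
        self._unlocked = set()
        self._files = {}          # name -> (condition, data)

    def store(self, name, cond, data):       # provisioning, hypothetical
        self._files[name] = (cond, data)

    def verify(self, cond, guess):
        if self.tries[cond] == 0:            # blocked: no more guesses
            return False
        if guess == self._codes[cond]:
            self.tries[cond] = self.CHV_TRIES
            self._unlocked.add(cond)
            return True
        self.tries[cond] -= 1                # the card counts, not the host
        self._unlocked.discard(cond)
        return False

    def unblock_pin(self, puk, new_pin):
        if self.puk_tries == 0:              # card is permanently unusable
            return False
        if puk != self._puk:
            self.puk_tries -= 1
            return False
        self.puk_tries = self.PUK_TRIES
        self._codes[Cond.CHV1] = new_pin
        self.tries[Cond.CHV1] = self.CHV_TRIES
        return True

    def read(self, name):
        cond, data = self._files[name]
        if cond not in self._unlocked:
            raise PermissionError(f"{name} requires {cond.value}")
        return data

def guesses_before_block(vault, cond, candidates):
    """Count how many guesses the card accepts before it blocks or unlocks."""
    n = 0
    for guess in candidates:
        if vault.tries[cond] == 0:
            break
        n += 1
        if vault.verify(cond, guess):
            break
    return n
```

Because the key never leaves the card until the PIN check passes and the counter lives on the card, copying the phone's storage to another device yields only ciphertext, not something that can be guessed offline.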