Thread: [Announce] SMScon (control your device with SMS)
View Single Post
yablacky is offline yablacky
2012-07-13 , 17:06
Posts: 155 | Thanked: 315 times | Joined on Jun 2010 @ DE
#1215
Originally Posted by Estel View Post
yablacky, while idea of using IMSI as an de-facto key for truecrypt - isn't it offering too low security? It's numbers only - I don't have hard data with me, but bruteforcing it would be orders of magnitude easier, than any TrueCrypt password should be - yep?

Isn't it becoming security through obscurity (i.e. relying on fact, that attacker doesn't know - usually - way used to deliver password from PIN and IMSI)?
The IMSI is a 15-digit number, appox. 50 bits. I agree, this nowadays is not very secure against brute force attacks.

I tried a lot to access other data on the SIM which requires PIN, e.g. the address book. This could provide more bits to the key. I just had no success yet to query the SIM phone book programmatically Has anybody tried this successfully? It could help a lot.

On the other hand, some may find that 50 bits are enough for their data on the phone. The usual thief or finder would not try to crack it brute force. Those having real sensitive data should of course not protect data using a 15 digit number...
 

The Following 2 Users Say Thank You to yablacky For This Useful Post: