0

On a mobile, does using a password instead of a PIN make encryption stronger?

What key does the phone use for its encryption? Would it use the PIN itself?

1 Answer

1

It depends entirely on the phone. But in general, using a strong password is always better than a weak PIN.

The phone may use a key derived from the PIN for encryption, in which case a password is much better and honestly quite necessary.

It may use some secure hw chip to store the key, and the chip may limit the number of attempts. In this case a PIN may be enough.

It can also use something else.

Peter Harmann
  • I think neither Android nor Apple derive keys entirely from the PIN/code/biometrics - however of course the encryption keys are protected with the weak material so it is a good idea to use longer ones, especially if you fear nation state attackers ... – eckes Apr 28 '19 at 20:39
  • @eckes I think this differs between versions of Android/iOS and even between different Android ROMs, that is why I did not want to go into any details. – Peter Harmann Apr 28 '19 at 21:02
  • @eckes Also if you fear nation state attackers, maybe don't rely on FDE. The FBI vs Apple fiasco has shown us that FDE can't be relied upon. – Peter Harmann Apr 28 '19 at 21:07
  • FBI vs Apple fiasco wasn't a condemnation of FDE, it's a condemnation of Secure Enclave Processors. The FDE part is actually the part that is solid enough that even the FBI has no chance of bypassing them. – Lie Ryan Apr 29 '19 at 03:26
  • @Lie Ryan if we are talking TrueCrypt/VeraCrypt then sure. If we are talking phones, I am not convinced. – Peter Harmann Apr 29 '19 at 11:22
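The two cases the answer distinguishes, as an added example that is not part of the original answer or of any phone vendor's code: a key derived directly from the secret can be searched offline, while a hardware-held key behind an attempt counter cannot. The PBKDF2 parameters, the salt, the PINs and the `ThrottledChip` model are constructed assumptions for illustration.

```python
import hashlib, hmac, itertools, math, os, string

SALT = b"constructed-salt"  # constructed sample value
ITERATIONS = 200            # deliberately low so the demo finishes quickly

def derive_key(secret: str) -> bytes:
    """Case 1 of the answer: the encryption key is derived from the PIN/password."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, ITERATIONS)

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random secret, in bits."""
    return length * math.log2(alphabet_size)

def offline_search(target_key: bytes, alphabet: str, length: int):
    """With a secret-derived key, only the KDF cost limits guessing."""
    for guesses, combo in enumerate(itertools.product(alphabet, repeat=length), 1):
        candidate = "".join(combo)
        if hmac.compare_digest(derive_key(candidate), target_key):
            return candidate, guesses
    return None, len(alphabet) ** length

class ThrottledChip:
    """Case 2 (hypothetical model): hardware stores a random key and counts failures."""
    def __init__(self, secret: str, max_attempts: int = 10):
        self._verifier = derive_key(secret)
        self._key = os.urandom(32)   # not derived from the secret at all
        self.remaining = max_attempts

    def unlock(self, guess: str):
        if self.remaining <= 0:
            return None              # locked out: even the right PIN is refused
        if hmac.compare_digest(derive_key(guess), self._verifier):
            return self._key
        self.remaining -= 1
        return None

def search_through_chip(chip: ThrottledChip, alphabet: str, length: int):
    """Same enumeration, but every guess has to go through the chip."""
    for combo in itertools.product(alphabet, repeat=length):
        if chip.remaining <= 0:
            return None
        key = chip.unlock("".join(combo))
        if key is not None:
            return key
    return None

if __name__ == "__main__":
    print(offline_search(derive_key("4821"), string.digits, 4))
    print(search_through_chip(ThrottledChip("4821"), string.digits, 4))
    print(round(keyspace_bits(10, 4), 1), round(keyspace_bits(62, 10), 1))
```

A 4-digit PIN has about 13.3 bits of entropy and a random 10-character alphanumeric password about 59.5 bits, which is the gap that matters when nothing but the KDF stands between the stored data and the search.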