1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How secure with Android 4 digit pin encryption?

Discussion in 'BlackHat Lounge' started by JJohn, May 12, 2017.

  1. JJohn

    JJohn Junior Member

    Nov 2, 2009
    Likes Received:
    I have the latest version of the samsung galaxy and i have encrypted the entire disk with a 4 digit pin within the Android security feature. Normally when encrypting a computer drive it recommends 20 characters minimum, how secure can a 4 digit pin be even if the whole phone is encrypted, wouldnt it take just a few hours to brute force it?
    Any recommendation on how safe it is or if there are any good software for android full disk encryption?
  2. zsh

    zsh Newbie

    May 12, 2017
    Likes Received:
    Usually there is an option for the phone to reset itself after say 10 incorrect attempts included in a FDE set up. But yes, it is trivial to enumerate all the possibilities for a 4 digit pass code; depending on your adversary it may be done in a few hours. If you use a password as your key phrase instead of just digits and make it sufficiently long, you will be much better off. Keyspace for 4 digit pin = 10^4 vs. keyspace for a standard 10 char password ~= (101-107)^10, the latter of which - even with nation state tier resources like the NSA has - will take decades of non-stop running with hundreds of machines to obtain. This is under the assumption that you choose a truly random password and do not reuse your old passwords. Note that someone may be able to attack the phone's implementation or hardware and completely bypass the code altogether.