How secure is Android 4-digit PIN encryption?

Discussion in 'BlackHat Lounge' started by JJohn, May 12, 2017.

  1. JJohn

    JJohn Registered Member

    Joined:
    Nov 2, 2009
    Messages:
    80
    Likes Received:
    8
    I have the latest version of the Samsung Galaxy and I have encrypted the entire disk with a 4-digit PIN using the Android security feature. Normally, when encrypting a computer drive, it recommends 20 characters minimum. How secure can a 4-digit PIN be, even if the whole phone is encrypted? Wouldn't it take just a few hours to brute force it?
    Any recommendation on how safe it is, or is there any good software for Android full disk encryption?
     
  2. zsh

    zsh Newbie

    Joined:
    May 12, 2017
    Messages:
    4
    Likes Received:
    1
    Usually there is an option for the phone to reset itself after, say, 10 incorrect attempts included in an FDE setup. But yes, it is trivial to enumerate all the possibilities for a 4-digit passcode; depending on your adversary, it may be done in a few hours. If you use a password as your key phrase instead of just digits and make it sufficiently long, you will be much better off. Keyspace for a 4-digit PIN = 10^4 vs. keyspace for a standard 10-char password ~= (101-107)^10, the latter of which - even with nation-state-tier resources like the NSA has - will take decades of non-stop running with hundreds of machines to obtain. This is under the assumption that you choose a truly random password and do not reuse your old passwords. Note that someone may be able to attack the phone's implementation or hardware and completely bypass the code altogether.
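
The keyspace comparison from the reply above, worked through as an added example that is not part of either post. It shows how the wipe-after-10-attempts limit and the guess rate change the picture for a uniformly random secret; the function names and both guess rates are assumptions chosen for illustration, not measurements of any device.

```python
import math

def keyspace(alphabet_size, length):
    """Number of possible secrets of exactly `length` symbols."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random secret, in bits."""
    return length * math.log2(alphabet_size)

def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second

def success_within_attempt_limit(space, max_attempts):
    """Chance a random secret is hit before a wipe-after-N limit triggers."""
    return min(max_attempts, space) / space

def humanize(seconds):
    units = (("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

# Secret policies taken from the thread: (alphabet size, length).
POLICIES = {
    "4-digit PIN": (10, 4),
    "10-char password, 101 symbols": (101, 10),
    "10-char password, 107 symbols": (107, 10),
}

# Assumed guess rates (illustrative only).
ASSUMED_RATES = {"throttled, 10 guesses/s": 10, "unthrottled, 1e9 guesses/s": 1e9}

def compare(max_attempts=10):
    """One row per policy: keyspace, entropy, wipe-limit odds, exhaust times."""
    rows = []
    for name, (alphabet, length) in POLICIES.items():
        space = keyspace(alphabet, length)
        rows.append({
            "policy": name,
            "keyspace": space,
            "bits": round(entropy_bits(alphabet, length), 1),
            "p_hit_before_wipe": success_within_attempt_limit(space, max_attempts),
            "exhaust": {label: humanize(seconds_to_exhaust(space, rate))
                        for label, rate in ASSUMED_RATES.items()},
        })
    return rows

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The attempt limit only helps while guesses have to go through the lock screen; as the reply notes, an attack on the implementation or hardware sidesteps it, and then the keyspace alone sets the cost.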