314 If somebody can observe multiple unlocks, each successful unlock rules out many digit/location combinations. If one unlock had a 3 over a red triangle and a 7 over a green oval, then the unlock secret can't involve a 7 over the red triangle or a 3 over the green oval. Over time many options can be ruled out, leaving an ever-smaller set of candidates to try.

If attackers are restricted to observing just one unlock, the scheme seems pretty reasonable, but given features of modern civilization such as municipal camera networks it's not clear that's a good assumption.

Something else that would help would be changing the unlock secret often. If it were changed every 20 unlocks that would probably be quite resistant, but also probably unusable.

Overall this looks fairly strong against weak attackers, but pretty weak against strong/patient attackers.
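The elimination argument in the post above, worked through as an added example (this is not code from the thread or from any real lock-screen implementation). The model is an assumption made here for illustration: the secret is one (digit, symbol) pair, every unlock lays the ten digits over ten distinct cells of an S-cell picture in a fresh random arrangement, and the secret digit necessarily sits over the secret symbol. An observer who records the whole arrangement learns the secret is one of the ten aligned pairs, and every further observation intersects that set.

```python
"""Simulate shoulder-surfing a digit-over-symbol picture unlock.

Added example, not code from the thread or any real product.  Model assumed
here: the secret is one (digit, symbol) pair; every unlock displays the ten
digits 0-9 over ten distinct cells of an S-cell picture in a fresh random
arrangement, with the secret digit necessarily over the secret symbol.
"""
import random

DIGITS = list(range(10))


def random_unlock(secret, symbols, rng):
    """Return the set of (digit, symbol) pairs aligned during one unlock."""
    secret_digit, secret_symbol = secret
    others = [s for s in symbols if s != secret_symbol]
    rng.shuffle(others)
    aligned = {secret_digit: secret_symbol}
    # The nine non-secret digits land on random distinct cells.
    for digit, symbol in zip((d for d in DIGITS if d != secret_digit), others):
        aligned[digit] = symbol
    return set(aligned.items())


def surviving_candidates(observations):
    """Pairs consistent with every observed unlock (intersection of all)."""
    candidates = None
    for aligned in observations:
        candidates = set(aligned) if candidates is None else candidates & aligned
    return candidates if candidates is not None else set()


def simulate(num_symbols, num_unlocks, seed=1):
    """Return (secret, counts); counts[k] is how many pairs remain after k+1 unlocks."""
    rng = random.Random(seed)
    symbols = list(range(num_symbols))
    secret = (rng.choice(DIGITS), rng.choice(symbols))
    observations, counts = [], []
    for _ in range(num_unlocks):
        observations.append(random_unlock(secret, symbols, rng))
        counts.append(len(surviving_candidates(observations)))
    # The true secret is aligned in every unlock, so it always survives.
    assert secret in surviving_candidates(observations)
    return secret, counts


if __name__ == "__main__":
    # A 12 x 5 picture gives 60 cells.
    secret, counts = simulate(num_symbols=60, num_unlocks=5)
    for k, n in enumerate(counts, 1):
        print(f"after {k} observed unlock(s): {n} candidate pair(s) remain")
```

With a fresh arrangement per unlock, one observation leaves ten candidates and a second typically collapses that to one, because a non-secret digit repeats its previous cell only with probability about 1/(S-1). Changing the secret every 20 unlocks, as the post suggests, does nothing against an observer who only needs two.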

    To me, this unlock method doesn't look secure at all. I can imagine people would sometimes even accidentally unlock their phones. Someone with regular access to the device could try unlocking from time to time and they would have a pretty good chance of randomly getting it right. Compare that to even a PIN. This picture unlock method would come nowhere close to even a short PIN.

    Using GrapheneOS's 2FA unlock, you can use a fingerprint and a short PIN, so even if someone were to watch you enter that, they'd still need your fingerprint. Not to mention the duress feature. GrapheneOS users can wipe their phones from the lock screen if they want to.

    To be honest, this picture unlock method is the one that looks basic.

    edit: testing something, didn't edit anything related to my original post...

      314 This was not at all secure and is far worse than simply using a random 6-8 digit PIN with PIN scrambling enabled. What you're proposing implementing doesn't work as a way to have a secure lockscreen and secure encryption.

        Looks like this method circa 2014 is about as stale as the company that introduced it.

          314 "Picture Password" is not a secure method of authentication, what you are describing cannot be used to derive a secure key in the same way PBKDF2 can.

          You are asking for a fundamentally insecure way of device authentication that has no entropy or key derivation functionality.

          Assuming the matrix you talked about is, let's say, a 12 by 5 matrix (which is still huge for the average user).

          That's 5 rows that each have 12 positions. That's not at all good enough. It's not secure... and that's ignoring the fact there is no way to have key derivation from this process.

            raccoondad These methods are worse than they seem based on the grid size alone because they strongly encourage using far less random positions. Looking at it only from the theoretical possible choices greatly overestimates the level of security it provides. That's exactly why GrapheneOS disabled the pattern lock feature. The way it encourages insecure, non-random lock methods is also tied together with it not being particularly compatible with randomly generating it.

            We're going to be adding a random PIN and passphrase generation feature soon, which is being actively worked on by a developer already. It will generate a few random PINs or passphrases and then the user chooses the one from the list they like most.

            Pattern lock is essentially just a limited PIN where only certain values can be selected and they can't be reused, which makes it far less secure, and it also loses the ability to turn on PIN scrambling. It makes far more sense just to use a random PIN that's far more secure, along with the bonus of the option to scramble it being available too.
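To put a number on "a limited PIN where only certain values can be selected and they can't be reused", here is an added example (not GrapheneOS code) that enumerates every valid 3x3 pattern under the standard Android pattern-lock rules as assumed here: 4 to 9 distinct nodes, no node reused, and a stroke may not pass straight over an unvisited node (that node would be selected instead). It then compares the count with the space of random PINs.

```python
"""Count valid 3x3 unlock patterns and compare them with random PINs.

Added example, not GrapheneOS code.  Rules assumed (standard Android pattern
lock): 4-9 distinct nodes, no reuse, and a straight stroke over an unvisited
node is not allowed because it would select that node.
"""
import math


def node_between(a, b):
    """Return the node a straight stroke from a to b passes over, or None."""
    ra, ca = divmod(a, 3)
    rb, cb = divmod(b, 3)
    # A middle node exists only when both row and column differences are even.
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None


def count_patterns(min_len=4, max_len=9):
    """Return {length: number of valid patterns} by depth-first enumeration."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def extend(path, visited):
        if len(path) >= min_len:
            counts[len(path)] += 1
        if len(path) == max_len:
            return
        for nxt in range(9):
            if nxt in visited:
                continue  # nodes cannot be reused
            mid = node_between(path[-1], nxt)
            if mid is not None and mid not in visited:
                continue  # stroke would pass over an unvisited node
            extend(path + [nxt], visited | {nxt})

    for start in range(9):
        extend([start], {start})
    return counts


def bits(n):
    """Guess-space size expressed in bits."""
    return math.log2(n)


if __name__ == "__main__":
    counts = count_patterns()
    total = sum(counts.values())
    print(f"valid patterns (4-9 nodes): {total} = {bits(total):.1f} bits")
    for digits in (4, 6, 8):
        space = 10 ** digits
        print(f"random {digits}-digit PIN: {space} = {bits(space):.1f} bits")
```

The whole pattern space, even using all nine nodes, is smaller than the space of a random 6-digit PIN, and that is before accounting for the non-random patterns people actually choose, which the post points out is the bigger problem.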

              GrapheneOS I've been using KeePassDX so far to generate random PIN codes / passphrases. I'm not sure if it's really good or not, but it's the only practical way I have at the moment. I think this new feature to generate PIN codes and passphrases is very welcome!


                de0u

                In my opinion it's very decent against weak attackers, and when compared to the existing unlocking methods it is the ultimate one.

                Regarding the strong attackers, the proposed method inevitably will fail. The existing methods, in this case, are simply a joke…

                other8026

                1) I have used it for years and I have never unlocked it accidentally. Chances are close to zero.

                2) After three attempts you must enter your device password. Otherwise the device remains locked.

                3) Even if you have ten people around you looking at your screen, no one will be able to understand your unlocking pattern. With PIN… forget it.

                4) I am strongly against giving away any kind of biometrics to our phone or to anyone else except our doctor!

                GrapheneOS

                But what does a 6-8 digit PIN have to do with encryption?

                Why is it far worse than simply using a random 6-8 digit PIN?

                Perhaps you haven't understood how it works. Have you seen the video in Mr_Black's post?

                  Overlay1404

                  The potential administrative failure of any company must not overshadow the work of its brilliant engineers, programmers, etc.

                  I am trying to study and understand the value of GrapheneOS. It is a very reputable OS among a very limited but significant (for me) part of the market. Unfortunately, if GrapheneOS or any other OS with the same goals were to try to go mainstream it would be a failure, because the majority of people haven't even considered the aspects of privacy and security in their lives. In my opinion, that shouldn't be taken to mean that GrapheneOS is a failure or stale since 20XX. For me, ironically, this hypothetical failure would actually confirm that GrapheneOS was indeed very serious about its core values and goals.

                  raccoondad

                  Maybe my written explanation was not good.

                  Mr_Black posted a link 3-4 posts from the beginning of this thread.

                  I would be really interested in your opinion after watching it. I am not challenging you. I find your answer very interesting, but it seems that I haven't made you understand how it works.

                  Xtreix

                  Yes, but what I am talking about here is simply unlocking your phone.

                  And however creative the passwords suggested by KeePassDX are, if someone is looking over your shoulder, they are… looking over your shoulder.

                  Adding to that, even if the layout of the screen, where you enter this PIN code, changes randomly, it is not secure.
                  …unless of course you want to use your invaluable biometrics for 2FA…

                    314 "But what does 6-8 digit PIN has to do with encryption?"

                    This question should be obvious... if it isn't, I don't think you are qualified to make an argument here...

                    I'll look at the post, but I'm almost certain there is no key derivation you can make from the system you are describing (at the very least, it wouldn't be standard).

                      raccoondad Looked at the video: it's two images layered on each other. No transformations are made on the images, just a simple movement in space of the top layer... this is terrible entropy; there is no way to have key derivation from this...

                      Your PIN code is what the security chip uses to release your phone's encryption key. If I'm not mistaken, the password is hashed and applied to the released key to make the 'true' key that's used (I may be wrong on this, but I'm fairly sure a transformation is done on the token released from the Titan M chip based on your password/PIN).

                      Regardless, the method you are showing has little entropy, no key derivation method, and is fundamentally not secure and does not protect against your threat model.

                      I assure you GOS understands how it works; it's not a secure or standardized method of authentication. This is why pattern unlock was also removed.
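On the recurring key-derivation point in this thread (the "what does a PIN have to do with encryption" question and the reply above), here is an added example that is not Android's or GrapheneOS's credential handling. It assumes the unlock secret is fed through PBKDF2-HMAC-SHA256 to derive a key and then guessed offline; a real device also binds the credential to a secure element that rate-limits guesses, which this model deliberately ignores in order to isolate the effect of the guess space. The picture secret is encoded as a single cell index on a 12 x 5 picture (60 cells); the PIN as an n-digit string.

```python
"""Offline guessing against a key derived from a low-entropy unlock secret.

Added example, not Android or GrapheneOS code.  A KDF fixes the cost of each
guess; the time to recover the key is (number of candidates) x (cost per
guess), so it cannot rescue a secret with only 60 possible values.
Hardware rate limiting present on real devices is intentionally left out.
"""
import hashlib
import hmac
import os
import time

ITERATIONS = 10_000  # kept low for a quick demo; real deployments use far more


def derive_key(secret: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 from the encoded unlock secret."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations, dklen=32)


def brute_force(candidates, salt, target_key, iterations=ITERATIONS):
    """Try every candidate in order; return (secret, guesses) or (None, guesses)."""
    guesses = 0
    for cand in candidates:
        guesses += 1
        if hmac.compare_digest(derive_key(cand, salt, iterations), target_key):
            return cand, guesses
    return None, guesses


def picture_candidates(cols=12, rows=5):
    """Every cell index a single-position picture secret could encode (assumed encoding)."""
    return (f"cell:{i}" for i in range(cols * rows))


def pin_candidates(digits):
    """Every n-digit PIN, zero padded."""
    return (f"pin:{i:0{digits}d}" for i in range(10 ** digits))


def recover(secret, candidates, iterations=ITERATIONS):
    """Derive a key from `secret`, then recover it by exhausting `candidates`."""
    salt = os.urandom(16)
    key = derive_key(secret, salt, iterations)
    start = time.perf_counter()
    found, guesses = brute_force(candidates, salt, key, iterations)
    return found, guesses, time.perf_counter() - start


if __name__ == "__main__":
    # Worst case for the attacker: the secret is the last cell.
    found, guesses, secs = recover("cell:59", picture_candidates())
    print(f"picture secret {found} recovered after {guesses} guesses in {secs:.2f}s")
    per_guess = secs / guesses
    for digits in (4, 6, 8):
        print(f"random {digits}-digit PIN at the same KDF cost: "
              f"up to {10 ** digits} guesses, about {per_guess * 10 ** digits:.0f}s")
```

Raising the iteration count scales both columns equally; only enlarging the candidate space (a longer random PIN or a passphrase) changes the ratio, which is the point the replies above are making about entropy.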

                        raccoondad

                        Thank you very much for your answer. I do appreciate the time you have spent on it.
                        So our only option today is a 2FA with BIOMETRICS?

                        This in terms of security – based on your explanation – may be very good but in terms of privacy is a DISASTER.

                        Our biometrics should not be required by any device, software or application.