Identical Duress PIN & Duress Password?

Novalissoide

If I choose the same number, say 11131113 as both Duress Pin, and as Duress Password for simplicity, is this in any way faulty thinking?

(Moved this question from another thread)

libertarian

Novalissoide I did the same. From what I understand, that is fine.

userofgos

Novalissoide it depends on your scenario I guess.

If you are in a situation where it's a street thief that doesn't know about GrapheneOS, I don't see any issue with this method. However you may not be able to predicted how the they will respond.

If you're in a situation where you're being forced to unlock your phone by sophisticated actors that know about GrapheneOS and the duress feature - I think it would be obvious to those observing you enter such a short "passphrase" that they will realise you instead typed in a numeric duress pin rather than a duress passphrase.

Your example of 11131113 would look more like a 1-2 word passphrase. Which doesn't even come close to providing the same security as the suggested 7-8 diceware passphrase

Novalissoide

userofgos My mistake, I should reframe the question a bit, starting with a better number, say in both fields
Pin: 4945348
Password: 4945348

userofgos

Novalissoide you made a more secure example password, but still doesn't change the perception one might have observing you enter your duress "password/passphrase" (4945348) - which would still appear to someone watching you input it like a 1-2 word diceware password/passphrase.

Therefore I would think a sophisticated actor would suspect you are not entering your valid unlock password (because they know a 7 character password or 1-2 word passphrase is highly insecure) but are instead entering a duress pin/password.

Again, this scenario I'm referring to involves a sophisticated actor with knowledge of GrapheneOS and the duress feature.

Hope I explained this clearly :)

Novalissoide

userofgos thank you, I'm in a developing phase grasping this apparently. 😚