Handset cohabitation: Ubuntu for Android
Posted Mar 6, 2012 20:54 UTC (Tue) by khim
In reply to: Handset cohabitation: Ubuntu for Android
Parent article: Handset cohabitation: Ubuntu for Android
>And this is a problem… exactly why?
If something is too complex - it won't be used.
Well, thank you for explaining why your Goldberg-style solution will not be used. I wanted to see why single-password solution will not be used. Hint: it works and is actually used by real people on laptops, so why not on phone?
>If you want to design "pipe-in-a-sky" solutions then it's simpler to just reuse already existing SIM care to store password. Still will require quite a lot of code on uncrypted "startup" partition but will be usable, for example,
I don't want to store the decryption key in permanent storage on my phone (or its SIM-card which can be read easily).
Depends on the manufacturer. Cards used by banks to protect million-dollar transactions are not principally any different from SIM card.
>when your magic server will not be available (because your service plan does not include data roaming, for example).
That's why I'm going to add an SMS-based protocol. 130 characters are more than enough for secure key exchange.
130 characters are just 1040 bits. Not enough to organize robust asymmetric signature. And you'll need some payload, too. Feel free to invent some complex unreliable overengineered solution, but don't expect anyone to consider it seriously.
Actually... I take that back: if you'll handwave enthusiastically enough and will talk about advantages boisterously enough you can sell your snake oil to some phone companies.
I guess “anyone” should be replaced with “anyone who understands basic security principles”.
to post comments)