>Well, thank you for explaining why your Goldberg-style solution will not be used. I wanted to see why single-password solution will not be used. Hint: it works and is actually used by real people on laptops, so why not on phone?
Encryption is barely used in real-life on laptops - people just _like_ it when they can pop open the laptop lid and start typing without bothering to enter a password. Or having to enter a strong password during the login process. And that's on PCs that have an easy-to-use keyboard.
>Depends on the manufacturer. Cards used by banks to protect million-dollar transactions are not principally any different from SIM card.
Banks use HSMs to protect transactions. And then they also use unsecured SMS for million-dollar transaction confirmations. So "what the banks use" is not a good indicator of security.
>130 characters are just 1040 bits. Not enough to organize robust asymmetric signature.
That's enough for elliptic-curve signatures. But you don't need them, anyway.
>And you'll need some payload, too. Feel free to invent some complex unreliable overengineered solution, but don't expect anyone to consider it seriously.
Nope. Your phone and the password server would have a shared secret (apart from the PIN) established during the initial setup procedure, no need for anything asymmetric.
So you only need to pack a nonce (128 bits), an unlock PIN (128 bits should be enough), encrypt it with your shared secret and send as an SMS. Even with base-64 or binhex encoding it'll take less than 80 symbols.
>I guess “anyone” should be replaced with “anyone who understands basic security principles”.
How about "if a security feature is hard to use then it won't be used"?