Google Made Android 7 Encryption Passwords Easier To Brute-Force

Status
Not open for further replies.
The Apple thing is wildly overblown; going from ten million years to 1 million years is still in the unbreakable range. Knowing the exact parameters, like in Android's issue, is a crippling blow.
 
Having restrictive rules for passwords, like maximum length, is idiotic; making them machine-readable is beyond idiotic.
 
Hrm, at first I was like wtf, they are storing the signature of your password.

But I don't think that's what this is; it looks more like a 4-digit PIN number rule for something. Just going by the file name, that would suggest it's a ruleset for something, not a user signature. And if that's the case, then everyone already knew it was a numeric 4-digit PIN number.

If it is a signature of your password though, that's quite bad.
 
None12345, I think you missed the point. Sure, a signature would allow anyone to use a rainbow table to immediately look up your password, but the real issue is THERE IS NO REASON to ever store the fundamental structure of the password or its hash value in an unencrypted manner. Doing so shows that someone has intentionally left it there to make brute forcing the password orders of magnitude easier and thus faster.
 