Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is why I'm happy that Android has some interesting password entry mechanisms that only exist for the iPhone in the jailbreak arena.

Apple really needs to embrace a non-PIN style password and make a way to login that's not a pain in the ass. A friend has an iPhone with a 9-character pass.. it's secure but impossible to use since it takes about 10 seconds to unlock each time... if the user can't be bothered to put a master password because it's not usable to do so, then it almost doesn't matter if there's hardware encryption anyway.

Compared with Google, Apple's views on security are weak. It's like comparing Google's "customer support" to Apple's... demonstrably weaker.



But Android is still converting those gestures to something that's basically a key which can be exposed to a brute force attack.

Android uses a nine cell unlock pattern which gives you roughly 16 bits. A four digit numeric key gives you between 13 and 14.

So while it's better it's not moving it into the realms where a brute force attack of this nature is off the table, it just goes from about 40 minutes to about 4 hours.

Given that in most instances where this sort of attack is being used the attacker will have stolen the phone and therefore there's no practical time limit, that's not a useful improvement.


How many swipes are required to unlock your Android phone? Is there an upper limit? Also, how many hot spots are there on the screen (I assume it's not a free-hand gesture...)?


The swipie unlock that every Android phone I've seen in practice could be represented as a four digit number (actually less, since there's no zero and no repeats IIRC). The only difference I can see between a swipe and a digit is you hold your thumb down and it looks more futuristic.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: