Breaking Samsung Android Passwords/PIN
#16
Yes, we recently discussed the pattern hash here too: http://hashcat.net/forum/thread-2165.html

I know that there are so many stupid and unbelievable things out there, especially if you do some security research, (embedded) device exploitation, password research or even reverse engineering. You come across *very* stupid things that you simply can't believe. And you learn you shouldn't cry because things are AS IS and vendors etc. only change things if you FORCE them to change it somehow!?
This is definitely one of those things that is also very absurd to me.
Why in the world does Google use this/those schemes? Are they collaborating w/ governments?
This cannot be for real! There is no reason to append a (faster crackable) MD5 hash to a SHA1 hash...

So the 1024 iterations ARE completely a loss of energy! Believe me Google. Skip that SHA1 if you really need to append the MD5 (and of course to calculate this digest too), please skip it. This is maybe why my Android phone is always connected to the charger. hehe

There must be some clever decision/discussion behind this hashing scheme, but I really don't get it!!! Sorry.
Maybe "older" devices are too lame to calculate SHA1 fast? Is this a serious reason to calculate both SHA1 and MD5? NO

I didn't do any major research about this topic. Maybe someone can explain... BUT this is really a big *FAIL*
I like my Android phone, but this is really *for shame* (maybe also the "Encrypt phone" feature is completely broken, someone should dig into that!).

How many Android devices are out there? OMG!


Messages In This Thread
RE: Breaking Samsung Android Passwords/PIN - by philsmd - 04-12-2013, 10:03 AM