Mobile password management – Mobile Sitter by the guys who brought you MP3
The Fraunhofer institute for secure information technology has created a novel application to carry sensitive passwords on your mobile phone:
“The MobileSitter helps a user to manage his secret codes on his own mobile phone. It does not matter if the codes are passwords, PINs or TANs. They will be encrypted in a very specific way and the encrypted result is stored in the MobileSitter. If an unauthorized person gets a hold of the userâ€™s mobile phone and would like to access the secret information, the MobileSitter will bring him to sheer despair. For every master password entered the MobileSitter will return the encryption result belonging to that respective master password. The attacker has the problem that he cannot discern or decide in any way whether the encrypted result offered to him is the correct one or not. When for example a hacker is searching for the PIN of an ec-card, the hacker will not be able to distinguish the code produced by the MobileSitter from a real PIN. The only thing left for him then is to go with the stolen card to a money machine where he has three attempts. The hacker will not have any advantage, even if the user has chosen a weak password. As far as the hacker is concerned, all other candidates for master passwords are equally probable.”
That is an excellent approach against brute force attacks.
The application is supposed to be available for sale in may. It’s going to be a J2ME version with support for a wide selection of handsets.